Message-ID: <20070826204509.21650.qmail@securityfocus.com>
Date: 26 Aug 2007 20:45:09 -0000
From: morin.josh@...il.com
To: bugtraq@...urityfocus.com
Subject: Abledesign Dynamic Picture Frame XSS

Vendor Site: http://abledesign.com/
Version affected: ???
Demo: http://abledesign.com/demo/pframe.php
Class: Input Validation Error

Overview:
Dynamic Picture Frame is a PHP script which allows you to add a variety of picture frames of any size to images on your website. Dynamic Picture Frame fails to sufficiently sanitize user-supplied input data in "Image URL" text box by pressing the "submit" button.

Example:
1. <html><font color="Red"><b>XSS</b></font></html>

Discovered by: Joshua Morin (morin.josh@...il.com)
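
A defensive sketch of handling for the "Image URL" field, added here as an example; it is not part of the original post and not Abledesign's code. The function name `render_image_url` and the assumption that the submitted value is echoed back into an `<img src>` attribute are hypothetical, since the advisory does not show the script's source.

```php
<?php
// Added example: hypothetical handler, not the vendor's implementation.
// Assumption: the "Image URL" form value ends up in an <img src="..."> attribute.

/**
 * Return an <img> tag for a user-supplied image URL, or null if it is rejected.
 */
function render_image_url(string $raw): ?string
{
    $url = trim($raw);

    // Step 1: input validation. Anything that is not a syntactically valid
    // absolute URL (such as raw HTML markup) is refused outright.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    // Step 2: allow-list the scheme so only web URLs reach the src attribute.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }

    // Step 3: output encoding for the HTML attribute context. Even a valid
    // URL can contain characters (&, quotes) that must not be emitted raw.
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<img src="' . $safe . '" alt="">';
}

// Constructed sample inputs; the first is the example string from the advisory.
$samples = [
    '<html><font color="Red"><b>XSS</b></font></html>',
    'ftp://example.com/photo.jpg',
    'https://example.com/photo.jpg?w=100&h=50',
];

foreach ($samples as $input) {
    $tag = render_image_url($input);
    // The input itself is also encoded before being shown in the report line.
    $shown = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo $shown, ' => ', ($tag === null ? 'rejected' : $tag), PHP_EOL;
}
```

Validation and encoding are both applied because each covers a different failure: validation stops markup from being accepted as a URL, and encoding keeps an accepted URL from breaking out of the attribute.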