
From: Jerome ATHIAS <jerome.athias_(at)_free.fr>
Date: 30.03.2006
Subject: [Full-disclosure] ExplorerXP : Directory Traversal and Cross Site Scripting

ExplorerXP : Directory Traversal and Cross Site Scripting

Software : ExplorerXP

Description :

Two vulnerabilities have been discovered in ExplorerXP, which can be
exploited by malicious people to conduct directory traversal and Cross
Site Scripting attacks.

Directory Traversal : http://[target]/dir.php?chemin=../../../

Cross Site Scripting : http://[target]/dir.php?chemin=../<b>Silitix

Solutions :
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by :
Silitix

Reference :

https://www.securinfos.info/english/security-advisories-alerts/20060329_.
ExplorerXP_Directory.Traversal.and.Cross.Site.Scripting.php
http://ns79.hosteur.com/~secuti/explorerxp.php (Advisory in French)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
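
One way to apply the advisory's "sanitise input" fix to the `chemin` parameter, as an added example that is not ExplorerXP's code or part of the original post: canonicalise the requested path and require it to stay under a fixed root, then HTML-encode everything echoed back. `BASE_DIR`, `resolve_dir()` and `h()` are hypothetical names, and the exposed root is an assumed path.

```php
<?php
// Added example, not ExplorerXP code. BASE_DIR, resolve_dir() and h()
// are hypothetical names; the exposed root below is an assumed path.
const BASE_DIR = '/var/www/files';

/** Resolve user-supplied $chemin against $base; return the canonical
 *  directory path, or null if it is invalid or falls outside $base. */
function resolve_dir(string $base, string $chemin): ?string
{
    $root = realpath($base);
    if ($root === false || strpos($chemin, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../", "./" and symlinks before the check.
    $target = realpath($root . DIRECTORY_SEPARATOR . $chemin);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Accept only the root itself or paths under "root/". The trailing
    // separator stops a sibling such as "/var/www/files_old" matching.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($target !== $root && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Encode a string for HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$chemin = $_GET['chemin'] ?? '';
$dir = is_string($chemin) ? resolve_dir(BASE_DIR, $chemin) : null;
if ($dir === null) {
    http_response_code(400);
    exit('Invalid directory');
}
// Show the path relative to the root, never the raw request value.
$shown = (string) substr($dir, strlen((string) realpath(BASE_DIR)));
echo '<h1>Index of ' . h($shown === '' ? '/' : $shown) . "</h1>\n<ul>\n";
foreach (scandir($dir) ?: [] as $entry) {
    if ($entry !== '.' && $entry !== '..') {
        echo '<li>' . h($entry) . "</li>\n";
    }
}
echo "</ul>\n";
```

With this check, a `chemin` value that resolves above the root is answered with HTTP 400, and directory or file names containing markup are rendered as text.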
