Computer Security

Security Advisory: # MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  # MHG Security Team --- DuGallery V2.x SQL Injection

From:Dj_ReMix_20_(at)_hotmail.com <Dj_ReMix_20_(at)_hotmail.com>
Date:10.05.2006
Subject:# MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities

# Milli-Harekat Advisory ( www.milli-harekat.org )

# OzzyWork Gallery Upload Vulnerabilities

# Risk : High

# Class: Remote

# Script : OzzyWork Gallery All Version

# Credits : Dj ReMix

# Thanks : ßy Korsan , ESKOBAR , Poizonb0x , TR_IP


OzzyWork Gallery pictures upload page :
www.victim.com/[Ozzywork Path ]/add.asp

Vulnerable Code :
onSubmit="checkFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',true,
'',150,100,640,480,'PIC_WIDTH','PIC_HEIGHT');return
document.MM_returnValue

This Code Deleted and All file Type upload...
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server