[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    # MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities
From:       Dj_ReMix_20 () hotmail ! com
Date:       2006-05-09 11:37:55
Message-ID: 20060509113755.29695.qmail () securityfocus ! com
[Download RAW message or body]

# Milli-Harekat Advisory ( www.milli-harekat.org )

# OzzyWork Gallery Upload Vulnerabilities

# Risk : High

# Class: Remote

# Script : OzzyWork Gallery All Version

# Credits : Dj ReMix 

# Thanks : ßy Korsan , ESKOBAR , Poizonb0x , TR_IP


OzzyWork Gallery pictures upload page :
www.victim.com/[Ozzywork Path ]/add.asp

Vulnerable Code : onSubmit="checkFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',true,'',150,100,640,480,'PIC_WIDTH','PIC_HEIGHT');return \
document.MM_returnValue

This Code Deleted and All file Type upload...


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic