
List:       bugtraq
Subject:    @lex Guestbook 4.0.1 : Full Path Disclosure & XSS
From:       mr_kaliman () msn ! com
Date:       2006-11-30 18:45:48
Message-ID: 20061130184548.18573.qmail () securityfocus ! com

@lex Guestbook 4.0.1
--------------------
Vendor site: http://www.alexphpteam.com/
Product: @lex Guestbook 4.0.1
Vulnerability: Full Path Disclosure & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 24.11.06
Public disclosure: 30.11.06
 
Description:
------------
Full Path Disclosure:
http://[victim]/[guestbook_path]/index.php?skin=[non-existent_skin]
 
XSS:
http://[victim]/[guestbook_path]/index.php?skin=[XSS]
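
Added example, not part of the original advisory and not the guestbook's own code: one way to handle a "skin" request parameter so that an unknown value neither triggers an error that reveals the install path nor is reflected unencoded into the page. SKIN_DIR, DEFAULT_SKIN, resolve_skin() and the skins/<name>/style.css layout are assumptions made for illustration.

```php
<?php
// Hypothetical layout (assumption): one sub-directory per skin under SKIN_DIR.
const SKIN_DIR = __DIR__ . '/skins';
const DEFAULT_SKIN = 'default';

// Errors go to the server log, never into the response body, so a failed
// include or open cannot print the absolute path to the visitor.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return a skin name that is known to exist on disk, or the default.
 */
function resolve_skin($requested): string
{
    // Reject arrays (?skin[]=x) and anything outside a strict name pattern.
    if (!is_string($requested)
        || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return DEFAULT_SKIN;
    }

    // Allow-list: only directories that are really present under SKIN_DIR.
    $dirs = glob(SKIN_DIR . '/*', GLOB_ONLYDIR) ?: [];
    $available = array_map('basename', $dirs);

    return in_array($requested, $available, true) ? $requested : DEFAULT_SKIN;
}

$skin = resolve_skin($_GET['skin'] ?? DEFAULT_SKIN);

// The validated name is safe for the filesystem; it is still encoded for the
// HTML context it is written into.
$skinAttr = htmlspecialchars($skin, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo '<link rel="stylesheet" href="skins/' . $skinAttr . '/style.css">' . "\n";
```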
