Full Disclosure mailing list archives
ExplorerXP : Directory Traversal and Cross Site Scripting
From: Jerome Athias <jerome.athias () free fr>
Date: Wed, 29 Mar 2006 20:57:24 +0200
ExplorerXP : Directory Traversal and Cross Site Scripting

Software : ExplorerXP

Description : Two vulnerabilities have been discovered in ExplorerXP, which can be exploited by malicious people to conduct directory traversal and Cross Site Scripting attacks.

Directory Traversal : http://[target]/dir.php?chemin=../../../

Cross Site Scripting : http://[target]/dir.php?chemin=../<b>Silitix

Solutions : Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by : Silitix

Reference :
https://www.securinfos.info/english/security-advisories-alerts/20060329_.ExplorerXP_Directory.Traversal.and.Cross.Site.Scripting.php
http://ns79.hosteur.com/~secuti/explorerxp.php (Advisory in French)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
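One way to apply the "properly sanitised" fix to a `chemin`-style parameter, as an added example that is not ExplorerXP's code and not part of the original post: canonicalise the requested path and require it to stay under a fixed root, then HTML-encode everything written to the page. `BASE_DIR`, `resolve_listing_dir()` and `h()` are hypothetical names; only the `chemin` parameter comes from the advisory.

```php
<?php
// Added example, not ExplorerXP's code. BASE_DIR, resolve_listing_dir() and h()
// are hypothetical; only the "chemin" parameter name comes from the advisory.
const BASE_DIR = '/var/www/files';   // assumed root the file browser may list

/**
 * Resolve a user-supplied relative path to a directory inside $base.
 * Returns the canonical path, or null if it is missing or escapes $base.
 */
function resolve_listing_dir(string $base, string $chemin): ?string
{
    if (strpos($chemin, "\0") !== false) {
        return null;                          // reject embedded NUL bytes
    }
    $root = realpath($base);
    if ($root === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks before the comparison.
    $target = realpath($root . DIRECTORY_SEPARATOR . $chemin);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Trailing separator so "/var/www/files-old" does not match "/var/www/files".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $root && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;                          // resolved outside the root
    }
    return $target;
}

/** Encode a value for an HTML text or attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$chemin = $_GET['chemin'] ?? '';
$dir = is_string($chemin) ? resolve_listing_dir(BASE_DIR, $chemin) : null;
if ($dir === null) {
    http_response_code(400);
    exit('Invalid path');                     // fixed text; rejected input is never echoed
}
echo '<h1>', h(substr($dir, strlen(realpath(BASE_DIR))) ?: '/'), '</h1><ul>';
foreach (scandir($dir) as $entry) {
    if ($entry !== '.' && $entry !== '..') {
        echo '<li>', h($entry), '</li>';      // file names are untrusted too
    }
}
echo '</ul>';
```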