Full Disclosure mailing list archives
Re: ExplorerXP : Directory Traversal and Cross SiteScripting
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Thu, 30 Mar 2006 14:31:45 +0100
Jerome Athias wrote:
ExplorerXP : Directory Traversal and Cross Site Scripting Software : ExplorerXP
Some mention of the manufacturer or a link to the mfr's website would have helped here.
Two vulnerabilities have been discovered in ExploreXP, which can be exploited by malicious people to conduct directory traversal and Cross Site Scripting attacks. Directory Traversal : http://[target]/dir.php?chemin=../../../ Cross Site Scripting : http://[target]/dir.php?chemin=../<b>Silitix
The only "ExplorerXP" I can find by googling is a file system viewer / file manager. It doesn't say anything about having a webserver in it. Which one are you talking about? cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ExplorerXP : Directory Traversal and Cross Site Scripting Jerome Athias (Mar 29)
- Re: ExplorerXP : Directory Traversal and Cross SiteScripting Dave Korn (Mar 30)
- Re: Re: ExplorerXP : Directory Traversal and Cross SiteScripting Julien GROSJEAN - Proxiad (Mar 30)
- Re: Re: ExplorerXP : Directory Traversal and CrossSiteScripting Dave Korn (Mar 30)
- Re: Re: ExplorerXP : Directory Traversal and Cross SiteScripting Julien GROSJEAN - Proxiad (Mar 30)
- Re: ExplorerXP : Directory Traversal and Cross SiteScripting Dave Korn (Mar 30)