Ads Captivate 1.0 - XSS Vuln Tuesday, 23 May 2006 Description: A basic but highly-customizable PHP gallery script with optional thumbnail creation. Designed with screencaps in mind, it works best for large galleries of same-sized images. Effected files: gallery.php Inproper filtering of action ?page= can lead to XSS. Exploit: One way to XSS would be renaming your JavaScript file to an image as an XSS vector: http://www.example.com/gallery.php?page=5 Anoother one be: http://www.example.com/gallery.php?page= The current version of this script puts slashes in for and " but alot of other characters arent filtered.   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.