iFoto index.php file Variable XSS

2006-06-08T15:34:12
ID OSVDB:26341
Type osvdb
Reporter luny(luny@youfucktard.com)
Modified 2006-06-08T15:34:12

Description

Solution Description

Upgrade to version 0.50 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/?dir=Scene&file=PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpOyI+PC9JRlJBTUU+

References:

Vendor URL: http://ifoto.ireans.com/
Secunia Advisory ID: 20619
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0103.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0163.html
FrSIRT Advisory: ADV-2006-2290
CVE-2006-3006
Bugtraq ID: 18391