Advisories: CSS in PHP Photo Album by John Beatty ver. 1.0

2003-11-05T00:00:00
ID SECURITYVULNS:DOC:5347
Type securityvulns
Reporter Securityvulns
Modified 2003-11-05T00:00:00

Description

+-----------------------------+
Advisories: CSS in PHP Photo Album by John Beatty ver. 1.0
Author: nimber [nimber@mail.ru]
Date: [4.11.2003]
+-----------------------------+
Vendor: John Beatty
Version: 1.0 (and older versions?)
+-----------------------------+
Problem:
There is a risk of a Cross Site Scripting (XSS) attack: the dir and image parameters are shown in the examples carrying HTML markup.

Example#1:
http://[victim]/photos/showimages.php?dir=<iframe%20src="C:\"%20width=400%20height=400></iframe>

Example#2:
http://[victim]//photos/showfullimage.php?dir=[dir name][spc]St[spc]Clair&image=<h1>hello</h1>
+-----------------------------+
Feedback:
nimber
icq: 132614
e-mail: nimber@mail.ru and nimber@dezigner.ru
Home Page: nimber.plux.ru
+-----------------------------+
Greets: ZeT, euronymous, JLx and all my friends.
p.s> Sorry for my bad english ;)
+-----------------------------+
(0_o(0_o)0_o)
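
Mitigation sketch for the dir and image parameters named above. This is an added example, not code from PHP Photo Album or from the advisory's author. The albums directory layout, the PHOTO_ROOT constant and the helper names h(), valid_dir() and valid_image() are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not the application's own code.
// Assumption: each album is a sub-directory directly under one photo root.
const PHOTO_ROOT = __DIR__ . '/albums';

// Encode a value for HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept dir only if it is a plain name (spaces allowed, as in "St Clair")
// and resolves to an existing directory directly under PHOTO_ROOT.
function valid_dir($dir): ?string
{
    if (!is_string($dir) || !preg_match('/\A[A-Za-z0-9 _-]{1,64}\z/', $dir)) {
        return null; // rejects arrays, markup, slashes and dots
    }
    $root = realpath(PHOTO_ROOT);
    $path = realpath(PHOTO_ROOT . '/' . $dir);
    if ($root === false || $path === false || !is_dir($path)) {
        return null;
    }
    return dirname($path) === $root ? $dir : null;
}

// Accept image only if it is a plain file name with an image extension
// and the file exists inside the already validated album.
function valid_image(string $dir, $image): ?string
{
    $pattern = '/\A[A-Za-z0-9 _.-]{1,128}\.(jpe?g|gif|png)\z/i';
    if (!is_string($image) || !preg_match($pattern, $image)) {
        return null;
    }
    return is_file(PHOTO_ROOT . '/' . $dir . '/' . $image) ? $image : null;
}

$dir   = valid_dir($_GET['dir'] ?? null);
$image = $dir !== null ? valid_image($dir, $_GET['image'] ?? null) : null;
if ($dir === null || $image === null) {
    http_response_code(404);
    exit('Not found'); // the rejected input is never echoed back
}

header('Content-Type: text/html; charset=UTF-8');
$src = 'albums/' . rawurlencode($dir) . '/' . rawurlencode($image);
echo '<h2>' . h($dir) . '</h2>';
echo '<img src="' . h($src) . '" alt="' . h($image) . '">';
```

With this handling both example requests end in the 404 branch, and any value that does pass validation is still HTML-encoded before it is written to the page.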