| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | @lex Guestbook 4.0.1 : Full Path Disclosure & XSS |
| From: | mr_kaliman@msn.com |
| Date: | 30 Nov 2006 18:45:48 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
@lex Guestbook 4.0.1 -------------------- Vendor site: http://www.alexphpteam.com/ Product: @lex Guestbook 4.0.1 Vulnerability: Full Path Disclosure & XSS Credits: Mr_KaLiMaN Reported to Vendor: 24.11.06 Public disclosure: 30.11.06 Description: ------------ Full Path Disclosure: http://[victim]/[guestbook_path]/index.php?skin=[non-existent_skin] XSS: http://[victim]/[guestbook_path]/index.php?skin=[XSS] |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [USN-390-1] evince vulnerability, Kees Cook |
|---|---|
| Next by Date: | Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability, ajannhwt |
| Previous by Thread: | [USN-390-1] evince vulnerability, Kees Cook |
| Next by Thread: | Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability, ajannhwt |
| Indexes: | [Date] [Thread] [Top] [All Lists] |