bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/17200.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

33 lines
No EOL
1.2 KiB
Text
Raw Permalink Blame History

# Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP
Header presisitent XSS
# Date: 21-4-2011
# Author: Saif El-Sherei
# Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip
# Version: 1.4.0.3 latest updated 2011-4-19
# Tested on:FF 3.0.15, IE 8
Info:
Zenphoto is an answer to lots of calls for an online gallery solution that
just makes sense. After years of bloated software that does everything and
your dishes, zenphoto just shows your photos, simply. It's got all the
functionality and "features" you need, and nothing you don't. Where the old
guys put in a bunch of modules and junk, we put a lot of thought. We hope
you agree with our philosopy: simpler is better.
Details:
failure to sanitize "x-forwarded-for" HTTP header in security logs before
being displayed in "zp-core/admin-logs.php", could allow a remote attacker
to inject malicious HTML code by altering the "x-forwarded-for" HTTP header
using either an intercepting proxy or manual requests in security logs and
attack any user with sufficient privilege to access "Security-logs", usually
appliaction administrators by presistent XSS.
POC:
<script>alert('Saif was Here');</script>
Regards,
Saif El-Sherei
Reference in a new issue View git blame Copy permalink