10 lines
No EOL
835 B
Text
10 lines
No EOL
835 B
Text
source: https://www.securityfocus.com/bid/8977/info
|
|
|
|
It has been reported that Easy PHP Photo Album is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'dir' parameter. This problem is due to insufficient sanitization of user-supplied input.
|
|
|
|
Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
|
|
|
|
Easy PHP Photo Album version 1.0 has been reported to be vulnerable to this issue, however prior versions may be affected as well.
|
|
|
|
http://www.example.com/photos/showimages.php?dir=<iframe%20src="C:\"%20width=400%20height=400></iframe>
|
|
http://www.example.com//photos/showfullimage.php?dir=[dir name][spc]St[spc]Clair&image=<h1>hello</h1> |