8 lines
No EOL
660 B
Text
8 lines
No EOL
660 B
Text
source: http://www.securityfocus.com/bid/19942/info
|
|
|
|
PHProg is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include a cross-site scripting vulnerability and a local file-include vulnerability.
|
|
|
|
A successful exploit may allow unauthorized users to view files and to execute local scripts, execute arbitrary scripts within the context of the web browser, and steal cookie-based authentication credentials. Other attacks are also possible.
|
|
|
|
http://www.example.com/PHProg/?id=1&album=http://www.example.com
|
|
http://www.example.com/PHProg/index.php?lang=http://www.example.com |