9 lines
No EOL
649 B
Text
9 lines
No EOL
649 B
Text
source: http://www.securityfocus.com/bid/53641/info
|
|
|
|
The AZ Photo Album is prone to a cross-site-scripting and an arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input.
|
|
|
|
Attackers can exploit these issues to steal cookie information, execute arbitrary client side script code in the context of browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks.
|
|
|
|
http://www.example.com/demo/php-photo-album-script/index.php/%F6%22%20onmouseover=document.write%28%22google.com%22%29%20
|
|
|
|
http://www.example.com/demo/php-photo-album-script/index.php/?gazpart=suggest |