phpalbum persistent XSS vulnerability
Submitted by Hari12 on Sun, 2011-10-16 22:02.
| Project: | phpAlbum.net |
| Version: | 0.4.1-14 |
| Component: | Code |
| Category: | bug |
| Priority: | critical |
| Assigned: | Hari12 |
| Status: | new |
Description
Attackers can post malicious script in the "Username" option.For example iframe for spreading malware.
Also the cookies shows the md5 hash which also has to be fixed..
Image 1:http://i55.tinypic.com/5x5t95.png (Script in user profile)
Image 2:http://i53.tinypic.com/s6oemw.png(script can also execute while commenting or while using "write E-Card" option.
Hope the bugs will be fixed asap..
Thank you
for more information mail me:hari_kris02@yahoo.com
Recent comments
3 weeks 2 days ago
1 year 42 weeks ago
2 years 42 weeks ago
2 years 44 weeks ago
2 years 44 weeks ago
2 years 45 weeks ago
2 years 45 weeks ago
2 years 45 weeks ago
2 years 45 weeks ago
2 years 45 weeks ago