Gphotos Directory Traversal and Cross Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Gphotos Directory Traversal and Cross Site Scripting
From: doz@xxxxxxxxxxx
Date: 13 May 2006 11:22:10 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Details

The first vulnerability issue is due to an input validation error in 
"index.php" "diapo.php" and "affich.php" scripts that do not validate 
"rep","image" variables, which may be exploited to cross site scripting attacks.

http://traget/index.php?rep=[xss]

http://traget/diapo.php?rep=[xss]

http://traget/affich.php?image=[xss]

The second flaw is due to an input validation error in the "index.php" script 
that fails to properly validate "rep" variable, which may be exploited to 
disclose the contents of arbitrary folders.

http://traget/index.php?rep=../../../

Vulnerable versions

GPhotos 1.5 and prior

Credits
Moroccan Security
Contact
[ Psych0 ] <doz(at)bsdmail(dot)com>

Prev by Date: [FLSA-2006:185355] Updated gnupg package fixes security issues
Next by Date: [FLSA-2006:152904] Updated ncpfs package fixes security issues
Previous by thread: [FLSA-2006:185355] Updated gnupg package fixes security issues
Next by thread: [FLSA-2006:152904] Updated ncpfs package fixes security issues
Index(es):
- Date
- Thread