ZenPhoto 1.3 – ‘/zp-core/admin.php’ Multiple Cross-Site Scripting Vulnerabilities

Exploit Database
11 阅读

作者： Bogdan Calin

日期： 2010-09-07
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34611/

source: https://www.securityfocus.com/bid/43021/info
 
Zenphoto is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Zenphoto 1.3 is vulnerable; other versions may also be affected.

/zenphoto_1_3/zp-core/admin.php?from=%22%20onmouseover%3dprompt%28934419%29%20bad%3d%22

last Exploits
ZenPhoto 1.3 – ‘/zp-core/admin.php’ Multiple Cross-Site Scripting Vulnerabilities的更多信息

Virtual Freer 1.58 – Remote Command Execution：
Oracle Glassfish OSE 4.1 – Path Traversal (Metasploit)：
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)：
Basic Analysis and Security Engine (BASE) 1.4.5 – ‘base_local_rules.php?base_path’ Remote File Inclusion：
rConfig 3.9 – ‘searchColumn’ SQL Injection：
WordPress Plugin File Upload 4.3.3 – Stored Cross-Site Scripting (PoC)：
Prometeo 1.0.65 – SQL Injection：
Moodle 3.11.4 – SQL Injection：