AOH :: Web :: Apps :: B06-2451.HTM

AOH :: Web :: Apps :: B06-2451.HTM
AZ Photo Album Script Pro

AZ Photo Album Script Pro AZ Photo Album Script Pro


AZ Photo Album Script Pro=0D
=0D
Homepage:=0D
http://www.php4script.com/php-photo-album-script/=0D 
=0D
Description:=0D
A powerful PHP/MySQL photo album (photo gallery) script with a lot of features.=0D
=0D
Effected files:=0D
index.php=0D
=0D
Exploits & Vulns:=0D
=0D
Captivate is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. =0D
=0D
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the =0D
attacker steal cookie-based authentication credentials and launch other attacks.=0D
=0D
Proof of Concept:=0D
">&">gazimage=198=0D">http://www.example.com/index.php?&gazpart=view">&">gazimage=198=0D 
=0D
I couldn't find a version # on the homepage for this script.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.