[Full-disclosure] Re: ExplorerXP : Directory Traversal and Cross Site Scripting
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Re: ExplorerXP : Directory Traversal and Cross Site Scripting
- From: "Dave Korn" <davek_throwaway@xxxxxxxxxxx>
- Date: Thu, 30 Mar 2006 14:31:45 +0100

Jerome Athias wrote:
> ExplorerXP : Directory Traversal and Cross Site Scripting
>
> Software : ExplorerXP

Some mention of the manufacturer or a link to the mfr's website would have
helped here.

> Two vulnerabilities have been discovered in ExplorerXP, which can be
> exploited by malicious people to conduct directory traversal and Cross
> Site Scripting attacks.
>
> Directory Traversal : http://[target]/dir.php?chemin=../../../
>
> Cross Site Scripting : http://[target]/dir.php?chemin=../<b>Silitix

The only "ExplorerXP" I can find by googling is a file system viewer /
file manager. It doesn't say anything about having a webserver in it.
Which one are you talking about?

cheers,
DaveK
--
Can't think of a witty .sigline today....