[Full-disclosure] xss in php koala script v1.2
shieldmaiden333 at aol.com
Fri Oct 14 23:11:48 BST 2005
xss
/info.php?user=<xss>
and an upload vulnerability if you upload a file named file.gif.php
/upload/file.gif.php?cmd=ls
file.gif.php is attached
-------------- next part --------------
A non-text attachment was scrubbed...
Name: file.gif.php
Type: image/gif
Size: 897 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051014/3f06fd8c/attachment.gif
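A defensive sketch for the two issues reported above, added here as an example and not taken from the post or from php koala script (the post does not show the script's source): escaping the `user` value before it is echoed, and an upload check that rejects names such as `file.gif.php`. The function names, the allowed-type list and the sample GIF bytes are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: detected MIME type => extension the server will assign.
const ALLOWED_IMAGE_TYPES = [
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/** Escape a request value before writing it into HTML (the info.php?user= case). */
function render_user(string $user): string
{
    return htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Return a server-chosen file name for an upload, or null to reject it.
 * Neither the client-supplied name nor its Content-Type header is trusted.
 */
function safe_upload_name(string $clientName, string $tmpPath): ?string
{
    // Accept only "<name>.<allowed ext>": a second dot-separated component,
    // as in "file.gif.php" or "file.php.gif", is refused outright.
    $parts = explode('.', strtolower(basename($clientName)));
    if (count($parts) !== 2 || !in_array($parts[1], ALLOWED_IMAGE_TYPES, true)) {
        return null;
    }
    // Detect the type from the bytes on disk, not from what the client declared.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }
    // The content must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    // Store under a random name with the extension derived from the detected type.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed sample input: a 1x1 GIF written to a temporary file.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));
var_dump(safe_upload_name('file.gif.php', $tmp)); // the name from the post
var_dump(safe_upload_name('file.gif', $tmp));     // a plain image name
echo render_user('<b>"user"</b>'), PHP_EOL;       // markup in the user parameter
unlink($tmp);
```

Content checks alone do not stop a valid image with trailing script text, so the upload directory should also be configured so the web server never executes files in it.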