Jerome Athias wrote:
> ExplorerXP : Directory Traversal and Cross Site Scripting
>
> Software : ExplorerXP
Some mention of the manufacturer or a link to the mfr's website would have
helped here.
> Two vulnerabilities have been discovered in ExploreXP, which can be
> exploited by malicious people to conduct directory traversal and Cross
> Site Scripting attacks.
>
> Directory Traversal : http://[target]/dir.php?chemin=../../../
>
> Cross Site Scripting : http://[target]/dir.php?chemin=../Silitix
The only "ExplorerXP" I can find by googling is a file system viewer /
file manager. It doesn't say anything about having a webserver in it.
Which one are you talking about?
cheers,
DaveK
--
Can't think of a witty .sigline today
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/