Successful exploitation requires the ability to execute the uploaded
JavaScript.
The Geeklog Forum program can be used as an attack vector since it does not
properly validate many $_GET / $_POST variables.
Could you give us some more details about these XSS vulnerabilities? :)
Cause all
Files with .jpg extensions can be uploaded, but these files can contain
anything, like JavaScript or PHP code. Using Firefox you can upload any
jpg extension and it will be accepted since Firefox sets the MIME type
based on file extension.
Uploading usually requires that you first create a
==
Geeklog = v1.6.0sr2 - Remote File Upload
Discovered: JaL0h
Software Site: http://www.geeklog.net
Dork: By Geeklog Created this page in +seconds +powered
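
A server-side check for the .jpg upload behaviour described in the thread above, as an added example that is not Geeklog's code or part of the original messages. The function names and the sample bytes are constructed for illustration, and the check assumes PHP's fileinfo extension is available.

```php
<?php
// Added example (not Geeklog code): judge an upload by its bytes, never by the
// browser-supplied MIME type or the file extension. Names are hypothetical.

function sniff_mime(string $bytes): string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);   // needs PHP's fileinfo extension
    $mime  = $finfo->buffer($bytes);
    return $mime === false ? 'application/octet-stream' : $mime;
}

function check_jpeg_upload(string $clientType, string $bytes): array
{
    // $clientType mirrors $_FILES[...]['type']: client-controlled, so it is
    // deliberately ignored in the decision.
    if (strncmp($bytes, "\xFF\xD8\xFF", 3) !== 0) {
        return ['ok' => false, 'reason' => 'no JPEG start-of-image marker'];
    }
    $mime = sniff_mime($bytes);
    if ($mime !== 'image/jpeg') {
        return ['ok' => false, 'reason' => "content sniffed as $mime"];
    }
    // Parse the JPEG header; fails when no valid frame header follows the magic.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return ['ok' => false, 'reason' => 'JPEG header does not parse'];
    }
    // Store under a server-generated name so the client never picks the path.
    return ['ok' => true, 'name' => bin2hex(random_bytes(16)) . '.jpg'];
}

// Constructed samples: both would arrive as "something.jpg" with the browser
// reporting image/jpeg, as described in the thread.
$samples = [
    'script text only'    => '<script>/* constructed sample */</script>',
    'JPEG magic + script' => "\xFF\xD8\xFF\xE0" . '<script>/* constructed */</script>',
];

foreach ($samples as $label => $bytes) {
    $r = check_jpeg_upload('image/jpeg', $bytes);
    printf("%-20s %s\n", $label, $r['ok'] ? 'accepted as ' . $r['name'] : 'rejected: ' . $r['reason']);
}
```

A file that passes these checks can still carry text inside JPEG comment segments, so serve stored uploads with a fixed `image/jpeg` Content-Type and `X-Content-Type-Options: nosniff`, from a directory where the web server does not execute scripts.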