header-logo
Suggest Exploit
vendor:
AZ Photo Album
by:
SecurityFocus
4,3
CVSS
MEDIUM
Cross-Site Scripting and Arbitrary File Upload
79, 264
CWE
Product Name: AZ Photo Album
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

The AZ Photo Album is prone to a cross-site-scripting and an arbitrary-file-upload vulnerabilities

Attackers can exploit these issues to steal cookie information, execute arbitrary client side script code in the context of browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks.

Mitigation:

Input validation and sanitization should be used to prevent attackers from exploiting these issues.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/53641/info

The AZ Photo Album is prone to a cross-site-scripting and an arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input.

Attackers can exploit these issues to steal cookie information, execute arbitrary client side script code in the context of browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks. 

http://www.example.com/demo/php-photo-album-script/index.php/%F6%22%20onmouseover=document.write%28%22google.com%22%29%20

http://www.example.com/demo/php-photo-album-script/index.php/?gazpart=suggest

Navigation

Suggest Exploit

Services By CQR