ExplorerXP : Directory Traversal and Cross Site Scripting
Software : ExplorerXP
Description :
Two vulnerabilities have been discovered in ExploreXP, which can be
exploited by malicious people to conduct directory traversal and Cross
Site Scripting attacks.
Directory Traversal : http://[target]/dir.php?chemin=…/…/…/
Cross Site Scripting : http://[target]/dir.php?chemin=…/<b>Silitix
Solutions :
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by :
Silitix
Reference :
https://www.securinfos.info/english/security-advisories-alerts/20060329_.ExplorerXP_Directory.Traversal.and.Cross.Site.Scripting.php
http://ns79.hosteur.com/~secuti/explorerxp.php (Advisorie in french)
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/