RSS-aggregator Multiple vulnerabilities

2008-07-01 / 2008-07-02
Risk: High
Local: No
Remote: Yes

---------------- *RSS-aggregator* ---------------- Informations : ************** Langage : PHP Version : 1.0 Website : http://www.rss-aggregator.com Problems : Multiple vulnerabilities Description: ************ RSS-aggregator is a tool, for Webmaster, allowing to display several feeds RSS on a single page. Details : ********* ----------------- **SQL injection** ----------------- Multiple sql injections: http://localhost/admin/fonctions/supprimer_flux.php?IdFlux=[SQL injection] http://localhost/admin/fonctions/supprimer_tag.php?IdTag=[SQL injection] ------------------------------ ** Access to admin functions** ------------------------------ We can easily access to all admin functions directly from files in /admin/fonctions/ directory. Examples: http://localhost/admin/fonctions/supprimer_flux.php?IdFlux=5 http://localhost/admin/fonctions/modifier_tps_rafraich.php?TpsRafraich=500 Credits: ******** Autor : Sylvain THUAL E-mail : contact_at_click-internet.fr Website : http://www.click-internet.fr

Referencje:

http://xforce.iss.net/xforce/xfdb/43509
http://www.securityfocus.com/bid/30016
http://www.securityfocus.com/archive/1/archive/1/493783/100/0/threaded


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top