New eVuln Advisory:
@1 File Store Multiple XSS and SQL Injection Vulnerabilities
http://evuln.com/vulns/95/summary.html

--------------------Summary----------------
eVuln ID: EV0095
Software: @1 File Store
Software's Web Site: http://www.upoint.info/cgi/download/
Versions: 2006.03.07
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. Developer(s) contacted.
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
1. Multiple XSS Vulnerabilities

Vulnerable script: signup.php

Parameters 'real_name', 'email', 'login' are not properly sanitized. This can be used to post arbitrary HTML or JavaScript code.

2. Multiple SQL Injection Vulnerabilities

The 'id' parameter is not properly sanitized before being used in SQL queries. This can be used to make any SQL query by injecting arbitrary SQL code.

The 'email' parameter in password.php is also not properly sanitized before being used in an SQL query and allows any SQL query to be made.

Condition: magic_quotes_gpc = off

Vulnerable scripts:
libs/functions.php
libs/user.php
control/files/edit.php
control/files/delete.php
control/users/edit.php
control/users/delete.php
control/folders/edit.php
control/folders/access.php
control/folders/delete.php
control/groups/edit.php
control/groups/delete.php
confirm.php
download.php
password.php

--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/95/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
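
Since the advisory lists no patch, the following is an added example (not part of the advisory and not @1 File Store code) of a request guard that validates the parameters named above before any application script runs. It assumes PHP 7 or later, that 'id' is a numeric record key, and that 'login' is limited to letters, digits, '_', '.' and '-'; the function name guard_violations and the file path are hypothetical.

```php
<?php
// Added example, not @1 File Store code. Load ahead of every script via
// php.ini: auto_prepend_file = /path/to/guard.php (placeholder path).
// Assumptions: 'id' is a numeric key; 'login' matches [A-Za-z0-9_.-].
function guard_violations(string $script, array $params): array
{
    $bad = [];
    // 'id' is named across many of the listed scripts, so check it everywhere.
    if (isset($params['id'])) {
        $id = $params['id'];   // an array (id[]=1) fails is_string
        if (!is_string($id) || !ctype_digit($id) || strlen($id) > 10) {
            $bad[] = 'id';
        }
    }
    // 'email': SQL injection in password.php, XSS in signup.php.
    // FILTER_VALIDATE_EMAIL accepts quotes and backticks, so reject those too.
    if (isset($params['email'])) {
        $email = $params['email'];
        if (!is_string($email)
            || filter_var($email, FILTER_VALIDATE_EMAIL) === false
            || strpbrk($email, "'\"\\<>`;") !== false) {
            $bad[] = 'email';
        }
    }
    // signup.php: 'login' and 'real_name' are the other XSS parameters.
    if (basename($script) === 'signup.php') {
        if (isset($params['login']) && (!is_string($params['login'])
            || !preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $params['login']))) {
            $bad[] = 'login';
        }
        // Strict on purpose: also rejects names containing an apostrophe.
        if (isset($params['real_name']) && (!is_string($params['real_name'])
            || strpbrk($params['real_name'], "<>\"'&") !== false)) {
            $bad[] = 'real_name';
        }
    }
    return $bad;
}
// Enforce under a web SAPI only, so the function can be unit-tested from CLI.
if (PHP_SAPI !== 'cli') {
    // Check each input source separately so one cannot shadow another.
    foreach ([$_GET, $_POST, $_COOKIE] as $source) {
        $bad = guard_violations($_SERVER['SCRIPT_NAME'] ?? '', $source);
        if ($bad) {
            error_log('guard: rejected ' . implode(',', $bad));
            http_response_code(400);
            exit('Bad request');
        }
    }
}
```

magic_quotes_gpc was removed in PHP 5.4, so on current PHP versions the advisory's condition always holds. A guard like this narrows exposure but does not replace parameterized queries and output encoding in the listed scripts.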