@1 File Store Multiple XSS and SQL Injection Vulnerabilities

Risk: Medium
Local: No
Remote: Yes

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

New eVuln Advisory:
@1 File Store Multiple XSS and SQL Injection Vulnerabilities
http://evuln.com/vulns/95/summary.html

--------------------Summary----------------
eVuln ID: EV0095
Software: @1 File Store
Software's Web Site: http://www.upoint.info/cgi/download/
Versions: 2006.03.07
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. Developer(s) contacted.
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
1. Multiple XSS Vulnerabilities

Vulnerable script: signup.php

Parameters 'real_name', 'email', 'login' are not properly sanitized. This can be used to post arbitrary HTML or JavaScript code.

2. Multiple SQL Injection Vulnerabilities

'id' parameter is not properly sanitized before being used in SQL queries. This can be used to make any SQL query by injecting arbitrary SQL code.

'email' parameter in password.php is also not properly sanitized before being used in an SQL query and allows making any SQL query.

Condition: magic_quotes_gpc = off

Vulnerable scripts:
libs/functions.php
libs/user.php
control/files/edit.php
control/files/delete.php
control/users/edit.php
control/users/delete.php
control/folders/edit.php
control/folders/access.php
control/folders/delete.php
control/groups/edit.php
control/groups/delete.php
confirm.php
download.php
password.php

--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/95/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
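
With no patch available, the input handling that the affected parameters lack can be sketched as follows. This is an added example, not code from the advisory or from @1 File Store; the users table, its columns and all function names are assumptions. It validates and binds 'id' and 'email' instead of concatenating them into SQL, and encodes 'real_name', 'email' and 'login' on output. Note that magic_quotes_gpc was removed in PHP 5.4, so the advisory's condition holds on any current PHP.

```php
<?php
// Added example, not @1 File Store code. Table, column and function names are assumed.
declare(strict_types=1);

// Constructed in-memory data standing in for the application's user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, real_name TEXT, email TEXT)');
$db->exec("INSERT INTO users (login, real_name, email) VALUES ('alice', 'Alice <Example>', 'alice@example.com')");

// 'id' must be a positive decimal integer; anything else never reaches SQL.
function parse_id($raw): ?int
{
    $ok = is_string($raw) && ctype_digit($raw) && (int) $raw > 0;
    return $ok ? (int) $raw : null;
}

// Look a user up by id with a bound integer parameter, not string concatenation.
function find_user_by_id(PDO $db, $rawId): ?array
{
    if (($id = parse_id($rawId)) === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, login, real_name, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Same pattern for the 'email' parameter of a password-reset lookup.
function find_user_by_email(PDO $db, $rawEmail): ?array
{
    if (!is_string($rawEmail) || filter_var($rawEmail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, login, real_name, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $rawEmail]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Encode a stored value ('real_name', 'email', 'login') for an HTML context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$user = find_user_by_id($db, '1');
echo $user ? 'Name: ' . h($user['real_name']) . "\n" : "not found\n";
var_dump(find_user_by_id($db, 'not-a-number')); // rejected by parse_id before any query runs
```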
