Ezportal/Ztml v1.0 Multiple vulnerabilities

2006.09.02
Credit: Hessamx hessamx net
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2006-4502 | CVE-2006-4501 | CVE-2006-4500
CWE: N/A

:: Ezportal/Ztml v1.0 Multiple vulnerabilities :: ------------------------------------------------ Software : Ezportal/Ztml Website : http://www.ztml.org Bug Discover : Hessam-x / www.hessamx.net I. Multiple Cross Site Scripting Vulnerabilities ------------------------------------------------- Parameters : About , Again , Lastname , Email , password , album, id , table , desc , doc , mname , max , htpl ,pheader , & more... are not properly sanitized in "Index.php". This can be used to post arbitrary HTML or web script code. Attacker can be execute this url : index.php?about=[XSS] index.php?username=GUEST&again=[XSS] & ... II. SQL Injection Vulnerabilities ------------------------------------------------- Parameters: about , album , id , use , desc , doc , max , mname , & Other ... is not properly sanitized before being used in SQL query. vulnerable Page is : "index.php". This can be used make any SQL query by injecting arbitrary SQL code. Attacker can be execute this url : index.php?about=[SQL Query]&use=ezportal.home.about.this.template index.php?doc=[SQL Query]&etpl=ezp.home.update.status&ukey=_zdoc.zdoc.group & other ... III. Authentication Bypass Vulnerability ------------------------------------------------- "Administration Area" script has no any authentication. Any user can get access to administrator's area.Just need to know script name


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top