Tyger Bug Tracking System Multiple Vulnerability

2007-03-08 / 2007-03-09
Credit: CorryL
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2007-1291 | CVE-2007-1289
CWE: N/A

-=[--------------------ADVISORY-------------------]=- Tyger Bug Tracking System Author: CorryL [corryl80 (at) gmail (dot) com [email concealed]] -=[-----------------------------------------------]=- -=[+] Application: Tyger Bug Tracking System -=[+] Version: 1.1.3 -=[+] Vendor's URL: http://uk.homeunix.org/tyger/cms/ -=[+] Platform: Windows\Linux\Unix -=[+] Bug type: Cross-Site Script\Sql injection -=[+] Exploitation: Remote -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.xoned.net -=[+] Virtual Office: http://www.kasamba.com/CorryL -=[+] Irc Chan: irc.darksin.net #x0n3-h4ck ..::[ Descriprion ]::.. Tyger Bug tracking software has been designed and developed or individuals or groups of software developers to manage software development better. By using Tyger teams of developers are able to communicate far better with each fellow developers or end user's which ultimately improves the quality of your software project or product. ..::[ Proof Of Concept ]::.. [Sql injection] http://remote_server/ViewBugs.php?s=[sql]&o=ASC [Xss] http://remote_server/Login.php/>">[XSS] http://remote_server/Register.php/>">[XSS]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top