Lucene search
K

PPVChat - Multiple Vulnerabilities

🗓️ 09 Jan 2010 00:00:00Reported by andresg888Type 
exploitpack
 exploitpack
👁 32 Views

PPVChat website has multiple vulnerabilities including LFI and XSS. Malicious users can upload shells and steal session cookies. Solutions include proper validation of script inputs and filtering of user inputs

Code
##########################[andresg888]##########################
# Exploit Title : Exotic-Cams --LFI & XSS--
# Date : 2010-01-09
# Author : andresg888
# Vendor : http://www.ppvchat.com/
# Contact : andresg888[4t]gmail[dot]com
# Dork : No DoRk f0R ScRipT KiDDieS
########################################################################
# Example LFI: http://server/registration/model.php
# Example XSS: Go to registration/user.php and in "City" put %00"'>
# Submit the form and see response.
########################################################################
# Malicious users may upload shell's in order to gather control from the site.
# Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable
# application to fool a user in order to gather data from them. An attacker can steal the
# session cookie and take over the account.
########################################################################
#Solution for lfi: Check if the script inputs are properly validated.
#Solution for xss: $_GET = preg_replace("|([^\w\s\'])|i",'',$_GET);
#                            $_POST = preg_replace("|([^\w\s\'])|i",'',$_POST);
########################################################################
# Greetz : _84kur10_ , Brunos_50, mmrg5486, LU73K, Joshu4X, 3l_d105_4r35
# Special Greetz : all members from montevideolibre
##########################[andresg888]#################################

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Jan 2010 00:00Current
0.3Low risk
Vulners AI Score0.3
32