PopScript - index.php Multiple Input Validation Vulnerabilities

2011-06-06T00:00:00
ID EXPLOITPACK:B8B59A2F2A62CAED245A15FEC0A24DBA
Type exploitpack
Reporter NassRawI
Modified 2011-06-06T00:00:00

Description

PopScript - index.php Multiple Input Validation Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/48113/info

PopScript is prone to a remote file-include vulnerability, an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass the authentication control. 

http://www.example.com/PopScript/index.php?act=inbox&mode=1 [ SQL injection ]
http://www.example.com/index.php?mode=[Shell txt]?&password=nassrawi&remember=ON