OlateDownload3.4.0.txt

04 Oct 2006 00:00:00 | Reported by Hessam-x | Type: packetstorm | Source: packetstormsecurity.com

OlateDownload 3.4.0: multiple vulnerabilities in OlateDownload software

`::OlateDownload 3.4.0 Multiple Vulnerabilities ::  
------------------------------------------------  
Software : OlateDownload  
Website : www.olate.co.uk  
Discovered by : Hessam-x / www.hessamx.net  
  
  
I. Cross Site Scripting Vulnerability  
-------------------------------------------------  
Parameter "description_small" is not properly sanitized in "userupload.php".  
This can be used to post arbitrary HTML or web script code.  
  
  
II. Multiple SQL Injection Vulnerabilities  
-------------------------------------------------  
Parameters "page" in "details.php" and "query" in "search.php"  
are not properly sanitized before being used in SQL queries.  
This can be used to make arbitrary SQL queries by injecting SQL code.  
An attacker can request these URLs:  
/details.php?page=%BF%27%22%28&file=1  
/search.php?query=%BF%27%22%28  
  
================================================  
Hessam Salehi .Hessamx[@]Hessamx.net  
================================================  
  
`
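
A log-review check for the two request patterns in section II, as an added example that is not part of the original advisory: it flags access-log requests whose `page` (details.php) or `query` (search.php) value carries a high byte followed by a quote, or other quote characters. The log lines are constructed, and the rule that `page` is normally numeric is an assumption about the application.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter named in the advisory.
WATCHED = {"/details.php": "page", "/search.php": "query"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
HIGH_BYTE_QUOTE = re.compile(r"[\x80-\xff]['\"]")  # e.g. %BF%27 once decoded
QUOTE = re.compile(r"['\"\\]")

SAMPLE_LOG = [  # constructed lines in combined log format
    '192.0.2.10 - - [04/Oct/2006:10:00:01 +0000] "GET /details.php?page=2&file=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [04/Oct/2006:10:00:07 +0000] "GET /details.php?page=%BF%27%22%28&file=1 HTTP/1.1" 200 734',
    '192.0.2.44 - - [04/Oct/2006:10:00:09 +0000] "GET /search.php?query=%BF%27%22%28 HTTP/1.1" 200 698',
    '192.0.2.10 - - [04/Oct/2006:10:00:15 +0000] "GET /search.php?query=backup+tool HTTP/1.1" 200 4410',
]

def inspect_request(line):
    """Return (script, param, reason) for a flagged access-log line, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    script = "/" + url.path.rsplit("/", 1)[-1]  # tolerate installs in a subdirectory
    param = WATCHED.get(script)
    if param is None:
        return None
    # latin-1 keeps raw bytes such as 0xBF visible instead of replacing them.
    for name, value in parse_qsl(url.query, keep_blank_values=True, encoding="latin-1"):
        if name != param:
            continue
        if HIGH_BYTE_QUOTE.search(value):
            return (script, param, "high byte before quote")
        if param == "page" and not re.fullmatch(r"[0-9]+", value):
            return (script, param, "non-numeric page")  # assumption: page is an integer
        if QUOTE.search(value):
            return (script, param, "quote in search term")  # triage signal, may be benign
    return None

def scan(lines):
    """Return (line_number, script, param, reason) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        hit = inspect_request(line)
        if hit:
            hits.append((number, *hit))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
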
