12 matches found
PHPReactor 1.2.7 Style Attribute HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5569/info phpReactor does not sufficiently sanitize HTML from various fields such as in the body of a message or in profile fields. It is possible to inject arbitrary HTML and script code into these fields. An attacker ma...
PT-2007-6063 · Phpreactor · Phpreactor
Name of the Vulnerable Software and Affected Versions: phpReactor version 1.2.7pl1 Description: Multiple PHP remote file inclusion issues allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to certain PHP files, including 1 ekilat.com-int.tpl.php, 2...
phpreactor <===1.2.7 remote file include
phpreactor ===1.2.7 remote file include url:http://sourceforge.net/projects/phpreactor/ author:titanichacker egy-virus contact: hack-teach.com & mohandko.com & tryag.com bug in : /inc/view.inc.php & inc/users.inc.php & inc/updatecms.inc.php & inc/polls.inc.php...
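PHPReactor EditProfile.PHP Remote File Inclusion Vulnerability
PHPReactor is a PHP-based web application. PHPReactor does not properly filter user-submitted URI data, and a remote attacker can exploit this vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'editprofile.php' script does not filter the user-submitted "pathtohomedir" parameter; submitting a malicious remote server as the include target can result in arbitrary PHP code being executed with the privileges of the web process. Angus D Madden PHPReactor 1.27pl1 http://freshmeat.net/projects/phpreactor/?branchid=7919&releaseid=87168...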
PhpReactor 1.2.7pl1 (pathtohomedir) Remote Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================== PhpReactor 1.2.7pl1 pathtohomedir Remote Inclusion Vulnerability ================================================================== phpreactor 1.2.7 pl 1 pathtohomedir...
PhpReactor 1.2.7pl1 - 'pathtohomedir' Remote File Inclusion
www.system-defacers.org Found By CeNGiZ-HaN [email protected] phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability Vulnerable Code in editprofile.php //INCLUDE DB FUNCTIONS if!defined"REACTORINCDB" include$pathtohomedir."/inc/db.inc.php"; //INCLUDE LANGUAGE FUNCTIONS...
PhpReactor 1.2.7pl1 - pathtohomedir Remote File Inclusion
PhpReactor 1.2.7pl1 - pathtohomedir Remote File Inclusion www.system-defacers.org Found By CeNGiZ-HaN [email protected] phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability Vulnerable Code in editprofile.php //INCLUDE DB FUNCTIONS if!defined"REACTORINCDB"...
PhpReactor 1.2.7pl1 (pathtohomedir) Remote Inclusion Vulnerability
No description provided by source. www.system-defacers.org Found By CeNGiZ-HaN [email protected] phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability Vulnerable Code in editprofile.php //INCLUDE DB FUNCTIONS if!defined"REACTORINCDB" include$pathtohomedir."/inc/db.inc.php";...
PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting
PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5939/info phpReactor is prone to cross-site scripting attacks. An attacker may create a malicious link to a phpReactor site which contains malicious HTML and script code. If this link is visited by a...
PHPReactor 1.2.7 pl1 - 'browse.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/5939/info phpReactor is prone to cross-site scripting attacks. An attacker may create a malicious link to a phpReactor site which contains malicious HTML and script code. If this link is visited by a web user, the attacker-supplied code will execute in...
phpReactor - Cross-Site Scripting via STYLE
phpReactor has recently been updated to eliminate several known cross-site scripting vulnerabilities. Among these changes was to reduce the tags allowed in posts, profiles, etc. down to B, I, and FONT. However, using the "STYLE" attribute, one can still defeat this: b...
PHPReactor 1.2.7 - Style Attribute HTML Injection
source: https://www.securityfocus.com/bid/5569/info phpReactor does not sufficiently sanitize HTML from various fields such as in the body of a message or in profile fields. It is possible to inject arbitrary HTML and script code into these fields. An attacker may potentially exploit this situati...