PPVChat Mulitiple Vulnerabilities

2010-01-09T00:00:00
ID 1337DAY-ID-10644
Type zdt
Reporter andresg888
Modified 2010-01-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================
PPVChat Mulitiple Vulnerabilities
=================================


##########################[andresg888]##########################
# Exploit Title : Exotic-Cams --LFI & XSS--
# Date : 2010-01-09
# Author : andresg888
# Dork : No DoRk f0R ScRipT KiDDieS
########################################################################
# Example LFI: http://server/registration/model.php
# Example XSS: Go to registration/user.php and in "City" put %00"'>
# Submit the form and see response.
########################################################################
# Malicious users may upload shell's in order to gather control from the site.
# Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable
# application to fool a user in order to gather data from them. An attacker can steal the
# session cookie and take over the account.
########################################################################
#Solution for lfi: Check if the script inputs are properly validated.
#Solution for xss: $_GET = preg_replace("|([^\w\s\'])|i",'',$_GET);
#                            $_POST = preg_replace("|([^\w\s\'])|i",'',$_POST);
########################################################################
# Greetz : _84kur10_ , Brunos_50, mmrg5486, LU73K, Joshu4X, 3l_d105_4r35
# Special Greetz : all members from montevideolibre
##########################[andresg888]#################################



#  0day.today [2018-01-01]  #