Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) [SA21038] CzarNews "tpath" File Inclusion Vulnerability SubberZ[Lite] - Remote File Include perForms <= 1.0 ([mosConfig_absol ute_path]) Remote File Inclusion flatnuke <= 2.5.7 arbitrary php file upload From:luny_(at)_youfucktard.com <luny_(at)_youfucktard.com> Date:14.07.2006Subject:Orbitmatrix PHP Script v1.0Orbitmatrix PHP Script v1.0 Homepage: http://www.orbitcoders.com/ Affected files: index.php Possible SQL injection?: http://www.example.com/index.php?page_name=' And by trying a XSS vuln as shown below on page_name we see the query below which is displayed on screen: http://www.example.com/index.php?page_name=contact<script> And the displayed query: Query: select code from pages where name=contact Now we know the tables name is pages and a row is name. This works on all variable values. As the above XSS vuln wont work, we can see that using the one below will: http://www.example.com/index.php?page_name=<IMG%20SRC=javascript:alert('XSS')>
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
[SA21038] CzarNews "tpath" File Inclusion Vulnerability
SubberZ[Lite] - Remote File Include
perForms <= 1.0 ([mosConfig_absol ute_path]) Remote File Inclusion
flatnuke <= 2.5.7 arbitrary php file upload
