TinyPHPForum is a forum based on file handling, and it has shown
multiple vulnerabilities in several previous releases.
Here I present the bugs for the current version as of 29/July.
====================================================
Arbitrary File Handling.
Code:
PoC:
http://www.server.com/action.php?action=npost
====================================================
XSS, even with magic_quotes:
XSS.
====================================================
Password Disclosure:
====================================================
A working exploit is attached.
====================================================
Att.
Sirdarckcat
www.elhacker.net