Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20096
HistoryJul 01, 2008 - 12:00 a.m.

RSS-aggregator Multiple vulnerabilities

2008-07-0100:00:00
vulners.com
15
JSON

RSS-aggregator

Informations :

Langage : PHP
Version : 1.0
Website : http://www.rss-aggregator.com
Problems : Multiple vulnerabilities

Description:

RSS-aggregator is a tool, for Webmaster, allowing to display several feeds RSS on a single page.

Details :

SQL injection

Multiple sql injections:
http://localhost/admin/fonctions/supprimer_flux.php?IdFlux=[SQL injection]
http://localhost/admin/fonctions/supprimer_tag.php?IdTag=[SQL injection]

** Access to admin functions**

We can easily access to all admin functions directly from files in /admin/fonctions/ directory.

Examples:
http://localhost/admin/fonctions/supprimer_flux.php?IdFlux=5
http://localhost/admin/fonctions/modifier_tps_rafraich.php?TpsRafraich=500

Credits:

Autor : Sylvain THUAL
E-mail : [email protected]
Website : http://www.click-internet.fr

JSON