Information Security


Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  Wordpress 2.1.1 - Multiple Script Injection Vulnerabilities

  [Full-disclosure] Multiple SQL Injection bugs in TCS website

  ViewCVS 0.9.4 issues

  XXS in script Phorum

From: laurent gaffié <none_(at)_none.com>
Date: February 27, 2007
Subject: MTCMS multiple upload vulnerabilities

avatar upload vulnerability:
upload any kind of file in:
site.com/MTCMS-V2.2/?a=gallery&b=add_down
and approved or not it will be here:
/uploads/pictures/
same thing for : add link
/index.php?a=links&b=add_link

xss permanent on Contact Us :
message & title fields are vulnerable to an xss attack.
this kind of xss is pretty dangerous, because you send the malicious message to an admin.
so you can get his cookie.

regards laurent gaffie
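
A defender-side check for the upload issue reported above, as an added example that is not part of the original post or of MTCMS: it walks an upload directory such as /uploads/pictures/ and reports files whose extension is not an image type or whose leading bytes do not match that extension. The allowlist of image types, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed allowlist: the post does not say which image types the gallery
# is meant to accept, so these three are an illustration only.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def classify(path):
    """Return why a file does not belong in an image upload dir, or None."""
    ext = os.path.splitext(path)[1].lower()
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return "extension not on image allowlist"
    with open(path, "rb") as fh:
        head = fh.read(8)
    if not head.startswith(magics):
        return "content does not match extension"
    return None

def audit_uploads(directory):
    """Walk the upload directory and list (relative path, reason) findings."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for fname in sorted(files):
            path = os.path.join(root, fname)
            reason = classify(path)
            if reason:
                findings.append((os.path.relpath(path, directory), reason))
    return findings

def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    samples = {
        "cat.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,   # valid PNG header
        "photo.JPG": b"\xff\xd8\xff\xe0" + b"\x00" * 8,  # valid JPEG header
        "page.php": b"constructed placeholder",          # non-image extension
        "fake.gif": b"plain text, not an image",         # wrong content
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return audit_uploads(d)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

The same two checks, applied at upload time before the file is written, are the corresponding server-side fix; a magic-byte match alone does not prove a file is a harmless image, so uploads should also be stored where the web server will not execute them.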

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod