Message-ID: <20070223181731.5525.qmail@securityfocus.com>
Date: 23 Feb 2007 18:17:31 -0000
From: none@...e.com
To: bugtraq@...urityfocus.com
Subject: MTCMS multiple upload vulnerabilities

Avatar upload vulnerability:
Upload any kind of file in:
site.com/MTCMS-V2.2/?a=gallery&b=add_down
and, approved or not, it will be here:
/uploads/pictures/

Same thing for add link:
/index.php?a=links&b=add_link

Permanent XSS on Contact Us:
The message & title fields are vulnerable to an XSS attack.
This kind of XSS is pretty dangerous, because you send the malicious message to an admin, so you can get his cookie.

regards
laurent gaffié
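Added example, not part of the original post and not MTCMS code: one way a PHP application can handle the two issue classes reported above, by naming stored pictures from their sniffed content only and by HTML-encoding stored Contact Us fields on output. The function names, the type allowlist, the size limit and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not MTCMS code; names, allowlist and size limit are assumptions.
const ALLOWED_IMAGES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/** Return a server-chosen file name for an uploaded picture, or null to reject it. */
function safe_picture_name(string $tmpPath, int $maxBytes = 2097152): ?string
{
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }
    // Sniff the type from the file's bytes; the client-sent name and type are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !isset(ALLOWED_IMAGES[$mime])) {
        return null;
    }
    // The file must also parse as an image, not merely start like one.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    // Random name plus the allowlisted extension: no user-controlled part is stored.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGES[$mime];
}

/** Encode a stored message or title field for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: a script body and a 1x1 GIF, both in temp files.
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'not an image'; ?>");
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));

var_dump(safe_picture_name($script));   // validation result for the script file
var_dump(safe_picture_name($gif));      // validation result for the GIF file
echo h('"><b>constructed title</b>'), "\n";

unlink($script);
unlink($gif);
```

In a request handler, pass the upload's `tmp_name` to `safe_picture_name()` and store the file with `move_uploaded_file()` under the returned name. A file with a valid image header can still carry script text, so the uploads directory should also be served with script execution disabled.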