MODx Local File Include and Cross Site Scripting Vulnerabilities

Attackers can exploit these issues via a browser. To exploit a cross-site scripting issue, attackers must entice an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/modx/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00


 

Privacy Statement
Copyright 2010, SecurityFocus