BugTraq
XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities Jul 25 2008 03:13PM
azzcoder hotmail com
##############################################################

XMRS Multiple Vulnerabilities (ZeroDay at 25-07-2008)

Author: AzzCoder [azzcoder (at) hotmail (dot) com [email concealed]]

Product: http://www.xrms.org/

Product Type: CRM

Thanks: coresecurity.com

Remote File Inclusion

File: activities/workflow-activities.php

Variable: $include_directory

Required register_globals: Yes

XSS

Multiple Files

Variable: $msg

Quote limitations: Yes

Information Gathering

tests/info.php

phpinfo() call

##############################################################

# milw0rm.com [2008-07-25]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus