BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Multiple bugs in EditTag Jan 05 2007 05:26PM
nj hackerz ir
Script: EditTag
Version: 1.2
Author: Greg Billock (dmacewen (at) isn (dot) net [email concealed])
Discoverer: NetJackal (nima_501[4T]yAhoo[D0T]com - nj[4T]hackerz[D0T]ir)

I am sorry for my BAD English.

Description:

1) Local file injection:
An attacker can use edittag.cgi or edittag_mp.cgi (maybe .pl) to inject files (ex. /et...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus