---------------- *RSS-aggregator* ---------------- Informations : ************** Langage : PHP Version : 1.0 Website : http://www.rss-aggregator.com Problems : Multiple vulnerabilities Description: ************ RSS-aggregator is a tool, for Webmaster, allowing to display several feeds RSS on a single page. Details : ********* ----------------- **SQL injection** ----------------- Multiple sql injections: http://localhost/admin/fonctions/supprimer_flux.php?IdFlux=[SQL injection] http://localhost/admin/fonctions/supprimer_tag.php?IdTag=[SQL injection] ------------------------------ ** Access to admin functions** ------------------------------ We can easily access to all admin functions directly from files in /admin/fonctions/ directory. Examples: http://localhost/admin/fonctions/supprimer_flux.php?IdFlux=5 http://localhost/admin/fonctions/modifier_tps_rafraich.php?TpsRafraich=500 Credits: ******** Autor : Sylvain THUAL E-mail : contact_at_click-internet.fr Website : http://www.click-internet.fr