8 lines
No EOL
666 B
Text
8 lines
No EOL
666 B
Text
source: http://www.securityfocus.com/bid/48113/info
|
|
|
|
PopScript is prone to a remote file-include vulnerability, an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
|
|
|
|
Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass the authentication control.
|
|
|
|
http://www.example.com/PopScript/index.php?act=inbox&mode=1 [ SQL injection ]
|
|
http://www.example.com/index.php?mode=[Shell txt]?&password=nassrawi&remember=ON |