[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MTCMS multiple upload vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MTCMS multiple upload vulnerabilities
From: none@xxxxxxxx
Date: 23 Feb 2007 18:17:31 -0000

avatar upload vulnerability:
upload any kind of file in:
site.com/MTCMS-V2.2/?a=gallery&b=add_down
and approuved or not it will be here :
/uploads/pictures/
same thing for : add link 
/index.php?a=links&b=add_link

xss permanent on Contact Us :
message & title fields are vulnerable to an xss attack.
this kind of xss are pretty dangerous, because you send the malicious message 
to an admin.
so you can get his cookie.

regards laurent gaffié

Prev by Date: Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)
Next by Date: ViewCVS 0.9.4 issues
Previous by thread: Re: XXS in script Phorum
Next by thread: ViewCVS 0.9.4 issues
Index(es):
- Date
- Thread