AOH :: HP Unsorted S :: C07-2468.HTM

sitex multiple vulnerabilities



sitex multiple vulnerabilities
sitex multiple vulnerabilities



global risk:critical

upload vulnerability:
in user profile upload an avatar with a double extension like :
file.php.jpg 
once it's done,you gone get an error like:Fatal error: Call to undefined function imagedestroy() in /.
but the last extension (jpg) will be removed by the script, and stored in :
/content/avatars  
has ramdom_numberfile.php

xss get :
/sitex/calendar.php?sxMonth=1&sxYear='">
/sitex/search.php?search=

xss via mysql error:
/sitex/redirect.php?linkid=''">
/calendar_events.php?page='">

full path disclosure:
/sitex/calendar.php?sxMonth[]=1
/sitex/calendar.php?sxMonth=1&sxYear[]=2007
/calendar_events.php?page[]=1

multiples errors sql :
just add a ' on any var .. 
or on any fields ( like in forum,search,...etc )

regards laurent gaffi=E9

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.