Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: b06-4498.htm

Ezportal/Ztml v1.0 Multiple vulnerabilities



Ezportal/Ztml v1.0 Multiple vulnerabilities
Ezportal/Ztml v1.0 Multiple vulnerabilities



:: Ezportal/Ztml v1.0 Multiple vulnerabilities ::=0D
------------------------------------------------=0D
Software : Ezportal/Ztml=0D
Website : http://www.ztml.org=0D 
Bug Discover : Hessam-x / www.hessamx.net=0D 
=0D
I. Multiple Cross Site Scripting Vulnerabilities=0D
-------------------------------------------------=0D
Parameters :=0D
About , Again , Lastname , Email , password , album,=0D
id , table , desc , doc , mname , max , htpl ,pheader , & more...=0D
are not properly sanitized in "Index.php".=0D
This can be used to post arbitrary HTML or web script code. =0D
Attacker can be execute this url :=0D
index.php?about=[XSS]=0D
index.php?username=GUEST&again=[XSS]=0D
& ...=0D
=0D
II. SQL Injection Vulnerabilities=0D
-------------------------------------------------=0D
Parameters:=0D
about , album , id , use , desc , doc , max , mname , & Other ...=0D
is not properly sanitized before being used in SQL query.=0D
vulnerable Page is : "index.php".=0D
This can be used make any SQL query by injecting arbitrary SQL code.=0D
Attacker can be execute this url :=0D
index.php?about=[SQL Query]&use=ezportal.home.about.this.template=0D
index.php?doc=[SQL Query]&etpl=ezp.home.update.status&ukey=_zdoc.zdoc.group=0D
& other ...=0D
=0D
III. Authentication Bypass Vulnerability=0D
-------------------------------------------------=0D
"Administration Area" script has no any authentication. =0D
Any user can get access to administrator's area.Just need to know script name=0D
=0D


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH