Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: CMS / Portals :: c07-1696.htm

Fix & Chips CMS v1.0
Fix & Chips CMS v1.0
Fix & Chips CMS v1.0

Fix & Chips CMS v1.0 

Vulnerable files:


staff.php XSS
User input in the Announcement box isn't properly sanatized before being generated.

A few PoC's that work:



delete-announce.php XSS 


User input in all of the input boxes when adding a new customer isnt sanatized. For a PoC in any input box when adding a new 

client put:


Because of the above, all malicious user input that is listed on the pages search.php and client-results.php will execute as well.


- Luny

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH