Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: c07-2478.htm

MTCMS multiple upload vulnerabilities



MTCMS multiple upload vulnerabilities
MTCMS multiple upload vulnerabilities



avatar upload vulnerability:
upload any kind of file in:
site.com/MTCMS-V2.2/?a=gallery&b=add_down
and approuved or not it will be here :
/uploads/pictures/
same thing for : add link 
/index.php?a=links&b=add_link

xss permanent on Contact Us :
message & title fields are vulnerable to an xss attack.
this kind of xss are pretty dangerous, because you send the malicious message to an admin.
so you can get his cookie.

regards laurent gaffi=E9


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH