Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: CMS / Portals :: tb10027.htm


vendor website: 
bug: multiples file upload,xss,full path disclosure,error sql
global risk: critical

file upload :
there's actually 2 ways to upload a file  on w-agora :

1)on the forum you can post some attached file with your message and you can upload any kind of file 
then your file will be located here :  ( hello = name of the forum ) then you can just browse
to find out where is your file.

2) ( replace hello , by your forum name. ) 
with this script you can upload any file with a double extension like : file.php.jpg
the file will be located here : 

full path:[]=agora[][]=hello[][][][]=subject[]=1[]=0 

xss get : 

error sql :[body]=1&search_fields[subject]=1&search_forum='[sql][body]=1&search_fields[subject]=1&search_forum=hello_hello&search_mode=0&search_user='[sql] 

regards laurent gaffi=E9

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH