Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: b06-1674.htm

Tiny PHP forum - vulns
Tiny PHP forum - vulns
Tiny PHP forum - vulns

~ Summery :
Name          : Tiny PHP forum v3.6
Software : 
Discovered by : Hessam-x (Hessam M.Salehi) - 

~ Vulnerabilities :
I. Cross-site Scripting
 A.Input code to the "uname" in profile.php
 B.input code in login name and login , in erorr page you can see xss code!

II. Access to hash password
This use very bad method for save hash password.
user's password save in a file,for example admin's password
saved in this file :

Iran Hackerz Security Team , 2006-04-16

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH