Bugtraq mailing list archives

Noguska Nola 1.1.1 [ Intranet Business Management Software ]


From: sindhi () hushmail com
Date: Tue, 2 Jul 2002 02:07:23 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Noguska Nola 1.1.1 [ Intranet Business Management Software ]

.: Software Description :.

-- copied from their site --

Redefining the scope of Enterprise Software
The NOLA web based software package allows your business to effortlessly reach further than previously thought 
possible. NOLA provides your company's accounting, inventory, point of sale, contact management, billing, purchasing, 
and reporting all in one integrated package. NOLA takes e-commerce to the next step, allowing for real time inventory 
quantity updates. Users are able to do ANYTHING from ANYWHERE.

Rock solid stability
The NOLA system is built around a secure, open platform. NOLA ships with the Apache Web Server, the most widely used 
web server in the world. Apache is used to serve more web sites than every other web server combined [1]. Also supplied is 
the MySQL database engine, a lightning fast SQL server designed for large amounts of data. MySQL is also used by NASA 
and Yahoo!.

[1] According to the Netcraft Feb 2001 Survey.

-- snip --

Risks: Very High
Simplicity: LMAO!!

.: Bug Description :.

It is possible to upload PHP code with certain file extensions such as .php4, .phtml, .html, etc., using every upload 
field in the whole application.
The vendor did not think to verify user input.

.: Imagination :.

An attacker can also upload C code and compile it, using PHP as his command-line interpreter. I leave the rest to a 
malicious imagination.

Sindhi


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlsEARECABsFAj0hfpcUHHNpbmRoaUBodXNobWFpbC5jb20ACgkQ9YONtXFfqrAqBQCg
oaxgP33c486DEkdVvSy2jgSTbjoAoLksRwHfB3rNemZa2O3Z3Pu0yF78
=uDEv
-----END PGP SIGNATURE-----
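The bug class the post describes is an upload check that rejects ".php" but nothing else, so files that the web server's PHP handler also executes (.php3, .php4, .phtml, and .html or anything else mapped to the PHP handler in the Apache configuration) walk straight through. The following is an added example, not Nola's code and not from the poster: a denylist check of the kind that fails, next to a hardened handler that uses an extension allowlist, sniffs the file content with finfo rather than trusting the client-sent MIME type, refuses double extensions, renames the file, and stores it outside the document root. Every name in it (the directory, the form field, the function names) is hypothetical.

```php
<?php
// Added example, not Nola's code. Shows the weak extension check the
// advisory describes beside a hardened upload handler. All names here
// (functions, form field, upload directory) are hypothetical.

declare(strict_types=1);

// Weak check: a denylist that only rejects ".php". Files ending in
// .php3, .php4, .phtml, .phps (or .html, if the server maps it to the
// PHP handler) pass and are executed when requested from the web root.
function weak_is_allowed(string $filename): bool
{
    return strtolower(pathinfo($filename, PATHINFO_EXTENSION)) !== 'php';
}

// Hardened check: allowlist of extensions, each verified against the
// sniffed content type. Exactly one dot is permitted, which rejects
// "shell.php.jpg" on Apache setups where mod_mime matches an extension
// anywhere in the name.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

function hardened_is_allowed(string $filename, string $tmpPath): bool
{
    $parts = explode('.', basename($filename));
    if (count($parts) !== 2 || $parts[0] === '') {
        return false;
    }
    $ext = strtolower($parts[1]);
    if (!isset(ALLOWED[$ext])) {
        return false;
    }
    // Sniff the bytes on disk; $_FILES[...]['type'] is client supplied.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    return $finfo->file($tmpPath) === ALLOWED[$ext];
}

// Stores an entry of $_FILES under a server-chosen name in $uploadDir,
// which must lie outside the document root. Returns the path or null.
function store_upload(array $file, string $uploadDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if (!hardened_is_allowed($file['name'], $file['tmp_name'])) {
        return null;
    }
    // The user-supplied name never reaches the filesystem.
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640);   // readable by the app, not executable
    return $dest;
}

// Constructed sample names showing what the weak denylist lets through.
foreach (['shell.php', 'shell.php4', 'shell.phtml', 'shell.php.jpg'] as $name) {
    printf("%-14s weak check: %s\n", $name, weak_is_allowed($name) ? 'ALLOWED' : 'blocked');
}

// Hypothetical usage from a form with a field named "attachment":
// $saved = store_upload($_FILES['attachment'], '/var/nola/uploads');
```

Running the loop shows only "shell.php" blocked; the other three are allowed by the weak check. The hardened handler is only as good as its deployment: the upload directory must not be served by Apache at all, since an allowlist of image extensions still does not help if the server maps .jpg to the PHP handler or if a later step (an include, a symlink) treats the stored file as code.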



