Bugtraq mailing list archives
MTCMS multiple upload vulnerabilities
From: none () none com
Date: 23 Feb 2007 18:17:31 -0000
avatar upload vulnerability: upload any kind of file in: site.com/MTCMS-V2.2/?a=gallery&b=add_down and approuved or not it will be here : /uploads/pictures/ same thing for : add link /index.php?a=links&b=add_link xss permanent on Contact Us : message & title fields are vulnerable to an xss attack. this kind of xss are pretty dangerous, because you send the malicious message to an admin. so you can get his cookie. regards laurent gaffiƩ
Current thread:
- MTCMS multiple upload vulnerabilities none (Feb 26)