
Logz 1.5.7 Full Path Disclosure & HTML Injection

a guest Feb 24th, 2012 152 Never
# Exploit Title: Logz 1.5.7 Full Path Disclosure & HTML Injection
# Date: 24/02/2012
# Author: Fr_Security
# Software Link: http://www.logz.org/cat-download-tit-3-Telechargement#txtart-19
# Version: 1.5.7

# Vulnerability Type: Full Path Disclosure
# Vulnerability Details:

The files /gestion.php and moderate.php do not properly
validate the content of variables.
An attacker can exploit this to find out the root path of a website.

# Example:

http://127.0.0.1/logz/gestion.php?ordre=categorie&debut=[Full Path Disclosure]

# Vulnerability Type: HTML Injection
# Vulnerability Details:

It is possible to perform XSS injection in the following variables:

ordre=[HTML Injection]
debut=[HTML Injection]

# Example:

http://127.0.0.1/logz/gestion.php?ordre=categorie&debut=[HTML Injection]
http://127.0.0.1/logz/gestion.php?ordre=[HTML Injection]

-------------------------------------------------------------------------------------
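
Both findings above come from the ordre and debut parameters being used without checks. The PHP below is an added example of hardened handling for those two parameters; it is not Logz code and does not come from the advisory's author. Assumptions: the path leaks through PHP diagnostics shown to the client, the sort keys other than 'categorie' are placeholders, and the helper names are invented here.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical hardened handling of the two parameters named
// in the advisory. Not Logz source code; helper names are invented here.

// Assumption: the path leaks through PHP diagnostics shown to the client.
// Keep them out of responses and send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Assumption: only 'categorie' appears in the advisory; the other sort keys
// are placeholders for whatever columns the application really supports.
const ALLOWED_ORDRE = ['categorie', 'titre', 'date'];

// Return a sort key from the allowlist, or the default for anything else.
function clean_ordre($raw): string
{
    return (is_string($raw) && in_array($raw, ALLOWED_ORDRE, true))
        ? $raw
        : ALLOWED_ORDRE[0];
}

// Return a non-negative integer offset, or 0 when the value is not one
// (arrays, markup and negative numbers all fall back to 0).
function clean_debut($raw): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? 0 : $n;
}

// Encode anything echoed back into HTML, even after validation.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests, one well-formed and two malformed.
$samples = [
    ['ordre' => 'categorie', 'debut' => '20'],
    ['ordre' => '<b>x</b>',  'debut' => 'abc'],
    ['ordre' => ['a'],       'debut' => ['1']],
];
foreach ($samples as $get) {
    $ordre = clean_ordre($get['ordre'] ?? null);
    $debut = clean_debut($get['debut'] ?? null);
    echo h("ordre=$ordre debut=$debut"), PHP_EOL;
}
```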