- # Exploit Title: Logz 1.5.7 Full Path Disclosure & HTML Injection
- # Date: 24/02/2012
- # Author: Fr_Security
- # Software Link: http://www.logz.org/cat-download-tit-3-Telechargement#txtart-19
- # Version: 1.5.7
- # Vulnerability Type: Full Path Disclosure
- # Vulnerability Details:
- The vulnerabilities are in the files /gestion.php and moderate.php,
- which do not properly validate the content of variables.
- An attacker can exploit this to find out the root path of a website.
- # Example:
- http://127.0.0.1/logz/gestion.php?ordre=categorie&debut=[Full Path Disclosure]
- # Vulnerability Type: HTML Injection
- # Vulnerability Details:
- It is possible to perform XSS injection in the following variables:
- ordre=[HTML Injection]
- debut=[HTML Injection]
- # Example:
- http://127.0.0.1/logz/gestion.php?ordre=categorie&debut=[HTML Injection]
- http://127.0.0.1/logz/gestion.php?ordre=[HTML Injection]
- -------------------------------------------------------------------------------------
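The fix for both issues is input validation plus output encoding on the `ordre` and `debut` parameters. The following is an added example, not part of the original paste and not Logz's own code: the helper names, the allowlist entries other than `categorie`, and the offset bound are assumptions.

```php
<?php
// Added example, not Logz code: validate the two query parameters named in
// the advisory before they reach queries or markup.
declare(strict_types=1);

// Never render PHP warnings (which contain absolute paths) to the client.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Assumption: the sort keys Logz accepts; only 'categorie' appears on the page.
const ALLOWED_ORDRE = ['categorie', 'date', 'titre'];

/** Return $raw only if it is an allowlisted sort key, else the default. */
function clean_ordre($raw, string $default = 'categorie'): string
{
    return is_string($raw) && in_array($raw, ALLOWED_ORDRE, true) ? $raw : $default;
}

/** Return $raw as a bounded non-negative offset, else 0. */
function clean_debut($raw, int $max = 100000): int
{
    if (!is_string($raw)) {
        return 0; // missing or non-string value
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $max]]);
    return $n === false ? 0 : $n;
}

/** Encode a value for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$ordre = clean_ordre($_GET['ordre'] ?? null);
$debut = clean_debut($_GET['debut'] ?? null);

// Constructed output: both values are now safe to echo or use as an offset.
printf('<a href="gestion.php?ordre=%s&amp;debut=%d">%s</a>' . "\n",
    rawurlencode($ordre), $debut + 10, h($ordre));
```

Disabling `display_errors` only hides the path in responses; the type and range checks are what stop the warnings from being raised in the first place.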