Full Disclosure: Re: Geeklog <= v1.6.0sr2 - Remote File Upload

[啊賢. <underclasslv () gmail com>]

> > > Successful exploitation requires the ability to execute the uploaded
JavaScript.
> > > The Geeklog Forum program can be used as an attack vector since it does
not
> > > properly validate many $_GET / $_POST variables.
> > Could you give us some more details about these XSS vulnerabilities ? :)
> >
> > Cause all I see here is a RCE in the admin panel.
> > You confirm that there are XSS but we don't have any details about
them...

> The
> easy one is when the forum allows anonymous posts and is configured for
> text posts.  The anonymous user name is never filtered, so you can put
> anything there, including a reference to the javascript uploaded as the
> user profile image..
> <script src="../images/userphotos/username.jpg"></script>
How about the php flaw?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/