RSform!Pro versions 1.3.0 and below suffer from a remote shell upload vulnerability.
72319f37657e3ffbf18c3ee7f8cd880285e32e0cce5cd6babe2185cf1068f2a2###################################################################################
RSform!Pro <= 1.3.0 - Remote Shell Upload Vulnerability
[-] Author: Ibrahim Raafat
[-] Twitter: https://twitter.com/RaafatSEC
[-] Reported to vendor : 7 September 2014
[-] Response: Extremely old
[+] Details:
Upload shell.php.zip from the form and the shell will be uploaded to the server on this path
/components/com_rsform/uploads/
and it will be executable
May be another versions are vulnerable also to the same vulnerability
=> There is a reflected XSS Vulnerability in the form .. Birth_date parameter
</script><script>alert(1337)<script>
###################################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed