TinyPHP-3.6.txt

TinyPHP-3.6.txt: Posted Apr 19, 2006; Authored by Hessam-x | Site hessamx.net; Tiny PHP forum v3.6 suffers from XSS and allows access to the admin password hash.; tags | advisory, php; SHA-256 | d772dfdfa4c342525d044df730f437ecb313c7d07838234364b957d69f4d0c13; Download | Favorite | View

TinyPHP-3.6.txt

~ Summery :
------------------------------
Name          : Tiny PHP forum v3.6
Software      : http://sourceforge.net/projects/tinyphpforum/
Discovered by : Hessam-x (Hessam M.Salehi) - www.hessamx.net

~ Vulnerabilities :
------------------------------
I. Cross-site Scripting
 A.Input code to the "uname" in profile.php
profile.php?action=view&uname=<script>alert("Xss")</script>
 B.input code in login name and login , in erorr page you can see xss code!

II. Access to hash password
This use very bad method for save hash password.
user's password save in a file,for example admin's password
saved in this file :
http://localhost/tpforum/users/admin.hash

Iran Hackerz Security Team , 2006-04-16

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 64 files
Debian 22 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Google Security Research 6 files
Apple 6 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,009)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,174)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,460)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,433)
UNIX (9,390)
UnixWare (187)
Windows (6,648)
Other

TinyPHP-3.6.txt

TinyPHP-3.6.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

TinyPHP-3.6.txt

Share This

TinyPHP-3.6.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems