Description - XSS and PHP Code Insertion in N.T.

Multiple Vulnerabilities found in N.T. script.

Exploit: Available
Solution: Not available - check Chucky A. Ivey website

1. Cross-Site Scripting

Vulnerable Script: index.php

The username parameter is not properly sanitized. This can be used to post arbitrary HTML or web script code, which is executed when the administrator visits the "Login Log" page.

The administrator's session is threatened.

2. PHP Code Insertion

The administrator can edit variables in the ticker.db.php file. The script does not sanitize the entered values, so this can be used to insert arbitrary PHP code.

System access is possible.
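
The mitigations for findings 1 and 2, as an added example (not code from the N.T. script or its author): the logged username is HTML-encoded when the Login Log is rendered, and admin-edited values are written to the settings file as quoted PHP literals. The function names, the setting names and the "return array" file layout are assumptions, since the page does not show the script's source.

```php
<?php
// Added example: hypothetical helpers, not code from the N.T. script.

// 1. Login Log: encode the stored username at output time, so any markup in
//    it is shown as text instead of being interpreted by the admin's browser.
function render_login_log_row(string $username, string $ip, int $time): string
{
    $e = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf(
        "<tr><td>%s</td><td>%s</td><td>%s</td></tr>\n",
        $e($username), $e($ip), $e(gmdate('Y-m-d H:i:s', $time))
    );
}

// 2. Settings file: accept only known setting names, coerce each value to its
//    declared type, and serialise with var_export() so every value lands in
//    the file as an escaped literal rather than as raw text inside PHP code.
function write_settings(string $path, array $input, array $allowed): void
{
    $clean = [];
    foreach ($allowed as $name => $type) {
        if (!array_key_exists($name, $input)) {
            continue;
        }
        if (!is_scalar($input[$name])) {
            throw new InvalidArgumentException("bad value for $name");
        }
        $clean[$name] = $type === 'int' ? (int) $input[$name] : (string) $input[$name];
    }
    $php = "<?php\nreturn " . var_export($clean, true) . ";\n";
    $tmp = $path . '.tmp'; // write, then rename, so a failed write leaves the old file
    if (file_put_contents($tmp, $php, LOCK_EX) === false || !rename($tmp, $path)) {
        throw new RuntimeException("cannot write $path");
    }
}

// Constructed sample input; the temp file stands in for ticker.db.php.
echo render_login_log_row('<script>alert(1)</script>', '192.0.2.10', 0);
$file = sys_get_temp_dir() . '/settings.example.php';
$input = ['title' => "News'; phpinfo(); //", 'speed' => '5; exit', 'extra' => 'x'];
write_settings($file, $input, ['title' => 'string', 'speed' => 'int']);
var_dump(include $file); // values come back as plain data; 'extra' is dropped
```

Because the encoding is applied when the row is rendered, usernames already stored in the log are displayed safely too.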
