Description - PHP Code Execution and Multiple XSS in ShoutLIVE
PHP Code Execution found in ShoutLIVE script.
- Exploit: Available
- Solution: Not available - check vendor's website
1. PHP Code Execution
Vulnerable Script: savesettings.php
None of the user-defined variables are sanitized before being written into settings.php.
This can be used to inject arbitrary PHP code.
System access is possible.
2. Multiple Cross-Site Scripting
Vulnerable Script: post.php
None of the user-defined variables are sanitized when a new message is posted. This can be used to inject arbitrary HTML or JavaScript code.
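As an added example (not code from ShoutLIVE or from this advisory), here is one way to close both issues described above: settings are filtered through an allow-list and serialized with var_export() before being written to settings.php, and messages are HTML-encoded at output. The setting names, validators and sample input are assumptions.

```php
<?php
// Allow-list of settings, each with a validator (names are hypothetical).
const ALLOWED_SETTINGS = [
    'site_title'   => 'validate_title',
    'max_messages' => 'validate_count',
];

function validate_title($v): ?string {
    if (!is_string($v)) return null;          // reject arrays and other types
    $v = trim($v);
    return ($v !== '' && strlen($v) <= 100) ? $v : null;
}

function validate_count($v): ?int {
    $n = filter_var($v, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 500]]);
    return $n === false ? null : $n;
}

// Build the contents of settings.php. Unknown keys are dropped, and
// var_export() emits a valid PHP literal, so quotes and backslashes in a
// value cannot end the string and become code.
function build_settings_file(array $input): string {
    $clean = [];
    foreach (ALLOWED_SETTINGS as $key => $validator) {
        if (!array_key_exists($key, $input)) continue;
        $value = $validator($input[$key]);
        if ($value === null) {
            throw new InvalidArgumentException("Invalid value for $key");
        }
        $clean[$key] = $value;
    }
    return "<?php\nreturn " . var_export($clean, true) . ";\n";
}

// Encode a stored message for an HTML context when it is displayed.
function render_message(string $msg): string {
    return htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$post = ['site_title' => "Bob's \"Live\" Shouts", 'max_messages' => '50', 'unknown' => 'x'];
echo build_settings_file($post);
echo render_message('<b>hello</b> & "bye"'), "\n";
```

The generated file can be loaded with `$settings = require 'settings.php';`. Storing settings in a non-executable format such as JSON outside the web root removes the code-execution path entirely.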


