Multiple XSS and SQL Injection in @1 File Store
- Multiple XSS and SQL Injection in @1 File Store
- Last Update
- 2006.03.21 Exploitation code published
- CVE-2006-1277 CVE-2006-1278
- Risk Level
- Multiple Vulnerabilities
- Unpatched. Vendor notyfied.
- Vulnerable Software
- @1 File Store (http://www.upoint.info/cgi/download/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Multiple Vulnerabilities found in @1 File Store (http://www.upoint.info/cgi/download/) script.1. Multiple XSS Vulnerabilities
Vulnerable script: signup.php
2. Multiple SQL Injection Vulnerabilities
'id' parameter is not properly sanitized before being used in SQL queries. This can be used to make any SQL query by injecting arbitrary SQL code.
'email' parameter in password.php is also not properly sanitized before being used in SQL query and allows to make any SQL query.
Condition: magic_quotes_gpc = off
PoC/Exploit1. Cross-Site Scripting Example:
Real Name: [XSS]
2. SQL Injection Examples:
E-mail: 99999' union select 1,2,3,4,5,6,7,8,9,10,'hello','world','[send_to_email]',14,15,16/*
Solution for "Multiple XSS and SQL Injection in @1 File Store" is not available. Check vendor's website for updates.
Order Source Code Test made by eVuln
Protect against hacking by source code review of your website or web application made by Aliaksandr Hartsuyeu.The work will be done by specialists in web application security.