Description - Multiple XSS and SQL Injection in @1 File Store

Multiple Vulnerabilities found in @1 File Store script.

Exploit
Available
Solution
Not available - check vendor's website

1. Multiple XSS Vulnerabilities

Vulnerable script: signup.php

Parameters 'real_name', 'email', 'login' are not properly sanitized. This can be used to post arbitrary HTML or JavaScript code.


2. Multiple SQL Injection Vulnerabilities

'id' parameter is not properly sanitized before being used in SQL queries. This can be used to make any SQL query by injecting arbitrary SQL code.

'email' parameter in password.php is also not properly sanitized before being used in SQL query and allows to make any SQL query.

Condition: magic_quotes_gpc = off

Vulnerable scripts:
libs/functions.php
libs/user.php
control/files/edit.php
control/files/delete.php
control/users/edit.php
control/users/delete.php
control/folders/edit.php
control/folders/access.php
control/folders/delete.php
control/groups/edit.php
control/groups/delete.php
confirm.php
download.php
password.php

Order Source Code Test

Protect a website by source code audit of your site made by our team.The order will be done by specialists in website security.

Advisories by vuln type