exploits , vulnerabilities , articles , Tribiq CMS Multiple Local File Include and Cross Site Scripting Vulnerabilities
| Title |
Tribiq CMS Multiple Local File Include and Cross Site Scripting Vulnerabilities |
| Published |
2009-06-24-12:00AM |
| Updated |
2009-06-26-08:30PM |
| Class |
Input Validation Error |
| CVE |
|
| Remote |
Yes |
| Local |
No |
| Credit |
CraCkEr |
| Vulnerable |
Tribiq Tribiq CMS 5.0.12c
|
| Not Vulnerable |
|
| Code |
Attackers can exploit these issues via a browser. To exploit a cross-site scripting issue, an attacker must entice an unsuspecting victim into visiting a malicious URI.The following example URIs are available:http://www.example.com/path/templates/mytribiqsite/tribiq-CL-9000/includes/masthead.inc.php?template_path=[LFI]
http://www.example.com/path/templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php?use_template_family=[LFI]
http://www.example.com/path/templates/mytribiqsite/tribiq-CL-9000/includes/toppanel.inc.php?template_path=[LFI]
http://www.example.com/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?template_path=[LFI]
http://www.example.com/path/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=[LFI]
http://www.example.com/path/templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php?use_template_family=[XSS]
http://www.example.com/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?errordisplay=[XSS]
http://www.example.com/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?errormessage=[XSS]
http://www.example.com/path/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=[XSS]
http://www.example.com/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[title]=[XSS]
http://www.example.com/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[threadlastpost]=[XSS]
http://www.example.com/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[replies]=[XSS]
http://www.example.com/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[threads]=[XSS]
http://www.example.com/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[description]=[XSS]
http://www.example.com/path/tb/common/tb_foot.inc.php?tbFootNonStandardFooter=[XSS] |
| TXT |
 |
|
Advertising
|
|
Copyright 2007,
SecurityDot
Wed, 16 Dec 2009 11:31:23 +0000
Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS
EXPLOITS
VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
www.tzjfh. phpBB+foru namitha Www.Indian pissing bo jiahedyy.c news for c alba adrai iidicyfyle wwwsexypho sax vidoe joomla sonia 89.com sex www.3plc.c red hat 4 SEXY GARL. freesaxeim www world ewliao.cn ca antivir namitha koreansing SEXY GARL. FREE SEX e107 CMS is Fre Www.xxxsex x videos c sexcyphoto Www.tamil. Wap4sex.co Www indian securityDo www.batlle Download c www.sex.pk Mike.brazi jiahedyy.c cisco acce 15642 News searc phpboard www.yx468. sexey wome www.sexysa 21/tcp 200 /compo vsftpd 1. www.868g.c
|
