header-logo
Suggest Exploit
vendor:
Xonic.ru News
by:
SecurityFocus
8.8
CVSS
HIGH
Insufficient Sanitization
20
CWE
Product Name: Xonic.ru News
Affected Version From: Xonic.ru News
Affected Version To: Xonic.ru News
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003

Insufficient Sanitization Vulnerability in Xonic.ru News

Xonic.ru News is vulnerable to an attack due to insufficient sanitization of user-supplied data to the 'script.php' file. An attacker can pass malicious PHP or shell commands in requests to a target server, which will be executed with the privileges of the vulnerable application.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7365/info

A vulnerability has been reported for Xonic.ru News. The problem occurs due to insufficient sanitization of user-supplied data to the 'script.php' file. As a result, it may be possible for an attacker to pass malicious PHP or shell commands in requests to a target server. All commands would be executed on the system with the privileges of the vulnerable application.

http://www.example.org/admin/script.php?data=script.php?data=<? system($cmd) ?>

Navigation

Suggest Exploit

Services By CQR