Vendor: PopScript
By:
CVSS: 7.5 HIGH
Remote File-Include, SQL-Injection, and Local File-Include
CWE: 94, 89
Product Name: PopScript
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
PopScript Remote File-Include, SQL-Injection, and Local File-Include Vulnerabilities
PopScript is prone to a remote file-include vulnerability, an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass the authentication control.
Mitigation:
Ensure that user-supplied input is properly sanitized before being used in any database queries or file inclusions. Implement strong input validation and parameterized queries to prevent SQL injection attacks. Regularly update the software to apply patches and security fixes.
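
The two controls named in the mitigation, sketched as an added example (not PopScript code and not taken from the advisory). It assumes a PHP application using PDO with SQLite; the page keys, file names, table and column names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: the page names, table and columns below are hypothetical.

// File inclusion: the request value only selects a key in a fixed map, so a
// URL (remote include) or "../" path (local include) never reaches include.
const PAGES = ['home' => 'home.php', 'inbox' => 'inbox.php'];

function resolve_page(string $requested): string
{
    $file = PAGES[$requested] ?? PAGES['home'];   // unknown value: default page
    return __DIR__ . '/pages/' . $file;
}

// SQL: the user name is bound as a parameter, never concatenated into the query,
// and the password is checked against a stored hash outside the SQL statement.
function authenticate(PDO $db, string $name, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (name, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed request values: one valid, the rest hostile.
foreach (['inbox', 'http://example.invalid/x.txt', '../../etc/passwd'] as $page) {
    printf("%-30s -> %s\n", $page, basename(resolve_page($page)));
}
foreach ([['alice', 'correct horse'], ["alice' OR '1'='1", 'x'], ["' OR 1=1 --", '']] as [$n, $p]) {
    printf("%-30s -> %s\n", $n, authenticate($db, $n, $p) === null ? 'denied' : 'ok');
}
```

Setting `allow_url_include = Off` in php.ini additionally stops PHP from including remote URLs, but it does not address local file inclusion, so the allowlist is still needed.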