Vendor: TorrentTrader Classic
By: HACKERS PAL
CVSS: 7.5 (HIGH)
Multiple Remote vulnerabilities
Product Name: TorrentTrader Classic
Affected Version From: v1.07
Affected Version To: v1.07
Patch Exists: NO
Platforms Tested:
2007

TorrentTrader Classic Multiple Remote vulnerabilities

TorrentTrader Classic v1.07 is affected by a local file inclusion vulnerability and by cross-site scripting (XSS) vulnerabilities. The first can be exploited by requesting backend/admin-functions.php with a malicious ss_uri parameter. The second can be exploited by requesting pjirc/css.php with a malicious color parameter, or browse.php with a malicious cat parameter. These vulnerabilities can be used to execute arbitrary code or steal sensitive information from the affected system.

Mitigation:

To mitigate these vulnerabilities, it is recommended to update to a newer version of TorrentTrader Classic that includes patches for these issues. Additionally, input validation and output encoding should be implemented to prevent XSS attacks.
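
A sketch of the input validation and output encoding recommended above, added here as an example; it is not TorrentTrader's code and not part of the original advisory. The helper names, the allowlist entries, and the assumptions that `ss_uri` ends up in an include path and that `cat` is a numeric category id are hypothetical.

```php
<?php
// Added example; helper names and the allowlist are hypothetical.

// ss_uri: map a short key to a fixed file instead of putting the raw value in a path.
function resolve_include(string $key, string $baseDir): ?string
{
    $allowed = ['header' => 'header.php', 'footer' => 'footer.php']; // constructed
    $base = realpath($baseDir);
    if ($base === false || !isset($allowed[$key])) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $path = realpath($prefix . $allowed[$key]);
    // Reject missing files and anything that resolves outside $baseDir (e.g. symlinks).
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// color: accept only a hex colour or a plain colour name, otherwise a fixed default.
function safe_css_color(string $value, string $default = '#000000'): string
{
    $pattern = '/\A(?:#(?:[0-9a-f]{3}|[0-9a-f]{6})|[a-z]{1,20})\z/i';
    return preg_match($pattern, $value) === 1 ? $value : $default;
}

// cat: assumed to be a numeric category id; anything else becomes null.
function safe_category_id(string $value): ?int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

// Output encoding for any request value that is still echoed into HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs, including the markup used in the advisory's proof of concept.
$poc = '<script>alert(document.cookie);</script>';
var_dump(resolve_include('../../etc/passwd', __DIR__)); // key is not in the allowlist
var_dump(safe_css_color($poc));                        // falls back to the default colour
var_dump(safe_category_id($poc));                      // not an integer
echo h($poc), PHP_EOL;                                 // markup is entity-encoded
```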

Exploit-DB raw data:

TorrentTrader Classic Multiple Remote vulnerabilities
Discovered By : HACKERS PAL
Copyright : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net

Tested on TorrentTrader Classic v1.07
Local file inclusion:
backend/admin-functions.php?ss_uri=dd
XSS:
pjirc/css.php?color=<script>alert(document.cookie);</script>
browse.php?cat=<script>alert(document.cookie);</script>
# WwW.SoQoR.NeT

# milw0rm.com [2007-10-08]