XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering



Author:

AzzCoder

Type:

webapps


Platform:

PHP

Date:

2008-07-25


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

##############################################################

XMRS Multiple Vulnerabilities (ZeroDay at 25-07-2008)
Author: AzzCoder [azzcoder@hotmail.com]
Product: http://www.xrms.org/
Product Type: CRM
Thanks: coresecurity.com

Remote File Inclusion
	File: activities/workflow-activities.php
	Variable: $include_directory
	Required register_globals: Yes

XSS
	Multiple Files
	Variable: $msg
	Quote limitations: Yes

Information Gathering
	tests/info.php
	phpinfo() call

##############################################################

# milw0rm.com [2008-07-25]