poc2
Critical Unrestricted File Upload vulnerability found @ Web-Based Teaching System (Myanmar) URL : http://www.wbts.com.mm

Malicious Attacker can upload some file to server without permission ! And It has persistent XSS vulnerability.

Cross Site Scripting is a client-side attack where an attacker can craft a malicious link, containing script- code which is then executed within the victim’s browser when the target site vulnerable to and injected with XSS is viewed. The script-code can be any language supported by the browser but mostly HTML and Javascript is used along with embedded Flash, Java or ActiveX.

poc3

In some cases where the XSS vulnerability is persistent as described further below, the attacker will not have to craft a link as the injected script is inserted directly into the target site and / or web application. The target user(s) still has to view the affected site / page where the injected code is located though.

The persistent XSS can be triggered just by browsing a Web Application with code injected into it. (This depends on which page has code injected, in case the target is not globally affected on all pages loaded by the user.)

Details

=======

Used Product :  ColdFusion 9

Vulnerability Type : Unrestricted File Upload & Persistent XSS

Security Risk : Critical

Effected URL : http://www.wbts.com.mm/dcs/act_reg.cfm

CVE : CVE-2005-0254

CVE URL : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE2005-0254

Informed to :- Webmaster

This is vulnerability is posted at Vulnerabilities Research Page : http://www.planetcreator.net/category/hacking/

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

FBI Fears Chinese Hackers and/or Government Agents Have Back Door Into US Government & Military Computer Networks

ome months ago, my contacts in the defense industry had alerted me to a startling development that has escalated to the point of near-panick in nearly all corners of Government

Read More

Hacking New Year

You hack for the good of your own enjoyment, but “The more you hack, The more we get highly job opportunities in Security Fields” 🙂 hAcking N3w Y3@r

Read More

Introduction on benchmarking attacks

Affected operating systems: ————————— Windows XP Pro Windows 2003 Windows Vista Windows 2008 (all service packs…) And probably some UNIX/Linux systems with some variants… Look by yourself. ================================================== ================================================== Abstract:

Read More