TUCoPS :: Web BBS :: etc :: b06-1674.htm

Tiny PHP forum - vulns
Tiny PHP forum - vulns
Tiny PHP forum - vulns


~ Summery :
------------------------------
Name          : Tiny PHP forum v3.6
Software : http://sourceforge.net/projects/tinyphpforum/ 
Discovered by : Hessam-x (Hessam M.Salehi) - www.hessamx.net 

~ Vulnerabilities :
------------------------------
I. Cross-site Scripting
 A.Input code to the "uname" in profile.php
profile.php?action=view&uname=
 B.input code in login name and login , in erorr page you can see xss code!

II. Access to hash password
This use very bad method for save hash password.
user's password save in a file,for example admin's password
saved in this file :
http://localhost/tpforum/users/admin.hash 

Iran Hackerz Security Team , 2006-04-16

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH