[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : xrms 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities
# Published : 2008-07-25
# Author : AzzCoder
# Previous Title : TriO <= 2.1 (browse.php id) Remote SQL Injection Vulnerability
# Next Title : Camera Life 2.6.2 (id) Remote SQL Injection Vulnerability
##############################################################
XMRS Multiple Vulnerabilities (ZeroDay at 25-07-2008)
Author: AzzCoder [azzcoder@hotmail.com]
Product: http://www.xrms.org/
Product Type: CRM
Thanks: coresecurity.com
Remote File Inclusion
File: activities/workflow-activities.php
Variable: $include_directory
Required register_globals: Yes
XSS
Multiple Files
Variable: $msg
Quote limitations: Yes
Information Gathering
tests/info.php
phpinfo() call
##############################################################
# www.Syue.com [2008-07-25]