z1ckX

3 exploits Active since Dec 2006
CVE-2006-6872 EXPLOITDB text WORKING POC
eNdonesia 8.4 - Directory Traversal via mod.php mod Parameter
Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
CVE-2006-6871 EXPLOITDB text WORKING POC
eNdonesia 8.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
CVE-2006-6873 EXPLOITDB text WORKING POC
eNdonesia 8.4 - SQL Injection via mod.php did or cid Parameter
Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.