Monday, November 30, 2015

[FD] Multiple Vulnerabilities in ZurmoCRM 3.0.5

Hi, I found these issues in ZurmoCRM. All issues are reported on their GitHub.

1.- HTML Injection

- If you create a Product, list, etc. with this name:

injection

[image: inline image 1]

- When you go to the preview page (in this case products), you can see the injection:

[image: inline image 2]

2.- Information Disclosure

When you put %00 in moduleClassName you can see the full path of the installation of ZurmoCRM:

/http://ift.tt/1l3dGcB modulesMenu?moduleClassName=%00

[image: inline image 3]

3.- XSS

When you create a list, in the "check list" field you can insert XSS code:

http://ift.tt/1ToT3D0

[image: inline image 4]

All issues are reported: http://ift.tt/1l3dEBD

You can test these issues on the demo page: http://ift.tt/14iyTyY

Regards.
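As an added, defender-side illustration (not code from the advisory or from Zurmo), the two server-side checks that address findings 2 and 3 above: allow-listing the moduleClassName parameter so a NUL byte never reaches a class or file lookup that could fail with a path in the message, and HTML-escaping user-supplied names before they land in the preview page. The module names, the handler shape and the 400 response are assumptions for the example.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed allow-list; Zurmo's real module registry is not on the page.
KNOWN_MODULES = {"ProductsModule", "ContactsModule", "AccountsModule"}

# A module class name is a plain identifier: nothing else is looked up.
_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]*")


def resolve_module_class_name(param, known=KNOWN_MODULES):
    """Return the module name if it is an identifier on the allow-list,
    otherwise None. A NUL byte (the %00 from the advisory), path
    separators or any other non-identifier character is rejected before
    the value can reach a file or class lookup, so a failed lookup can
    never leak the installation path."""
    if not isinstance(param, str) or "\x00" in param:
        return None
    if not _IDENT.fullmatch(param):
        return None
    return param if param in known else None


def handle_modules_menu(query_string):
    """Hypothetical handler for modulesMenu?moduleClassName=...: returns
    (status, body). The error body is fixed text, never an exception
    message, stack trace or filesystem path."""
    params = parse_qs(query_string, keep_blank_values=True)
    raw = params.get("moduleClassName", [""])[0]   # parse_qs already decodes %00
    module = resolve_module_class_name(raw)
    if module is None:
        return 400, "Unknown module"
    return 200, "menu for " + module


def render_name_cell(name):
    """Escape a user-supplied product/list name for an HTML preview cell,
    so a name containing markup is shown literally instead of rendered."""
    return "<td>%s</td>" % html.escape(name, quote=True)
```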
