Feed2JS is a tool for user-friendly (developer-wise) embedding of RSS feeds on pages without messing with XML.
I’ve found out today that it’s vulnerable to local file disclosure (all your /etc/passwds could be stolen).
It could be used for remote file inclusion as well.
More here: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/