Living Local 1.1 (XSS-RFU) Multiple Remote Vulnerabilities

2009.03.29
Credit: Bgh7
Risk: Low
Local: No
Remote: No
CWE: CWE-79

Authot: Bgh7 Home: http://ozelteam.com - Turk Bilisim G&#195;&#188;cleri Pst: bybgh7@msn.com ============================= Dork: allinurl:clientsignup.php "classifieds" Dork2: Powered By: Living Local V1.1 Demo: http://www.jerseyads.net/listtest.php?r="><script>alert()</script> Demo2: http://homes.relatedlistings.com/Member_Admin/logo/cca55760b985b02c1b9d7fac606shell.php http://homes.relatedlistings.com/Member_Admin/ E-Mail: bybgh7@msn.com Password: tbg1122 ============================= you must register to site ( direckt register link: http://localhost/script_path/registerlandlord.php ) ( siteye uye ol ) and login ( direckt link: http://localhost/script_path/Member_Admin/index.php ) ( giris yap ) after edit your banner ( direckt link: http://localhost/script_path/Member_Admin/editimage.php?clientid=[MemberAdminPass] ) or first click "Edit Account Info" after click "Your Logo" Edit button ( "Edit Account Info" yaz&#195;&#189;s&#195;&#189;na tIkla sonra da edit butonuna tIkla ) and open new page. you click gozat button and select your_sheell.php ( acIlan yeni sayfada senin hazIr shell i upload et ) after click to submit button. you should see "Your image will be review." ( "Your image will be review." bu yazIyI gormelisin ) if you see "Your image will be review." your shell upload succesfull. ( gorduysen yukleme basarIlI ) after repeat click to "Edit Account Info" and open page. your logo right click and properties select this link copy after paste your explorer go your_shell.php ( sonra yine "Edit Account Info" yazIsIna T&#195;&#189;kla acIlan sayfada logonun ustunde sag tIkla ozellikleri T&#195;&#189;kla linki kopyala sonrada shelle ulas ) ========================== Thanks: str0ke -

References:

http://xforce.iss.net/xforce/xfdb/47214
http://www.securityfocus.com/bid/32761
http://www.milw0rm.com/exploits/7408


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top