Living Local 1.1 (XSS-RFU) Multiple Remote Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052088 漏洞类型
发布时间 2009-03-29 更新时间 2009-03-29
CVE编号 CVE-2008-6529
CVE-2008-6530
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009030237
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Authot: Bgh7
 
Home: http://ozelteam.com - Turk Bilisim Gücleri
 
Pst: bybgh7@msn.com
 
=============================
 
Dork: allinurl:clientsignup.php "classifieds"
 
Dork2: Powered By: Living Local V1.1
 
Demo: http://www.jerseyads.net/listtest.php?r="><script>alert()</script>
 
Demo2: http://homes.relatedlistings.com/Member_Admin/logo/cca55760b985b02c1b9d7fac606shell.php
 
http://homes.relatedlistings.com/Member_Admin/
 
E-Mail: bybgh7@msn.com
Password: tbg1122
=============================
 
you must register to site ( direckt register link: http://localhost/script_path/registerlandlord.php ) ( siteye uye ol )

and login ( direckt link: http://localhost/script_path/Member_Admin/index.php ) ( giris yap )

after edit your banner ( direckt link: http://localhost/script_path/Member_Admin/editimage.php?clientid=[MemberAdminPass] )

or first click "Edit Account Info" after click "Your Logo" Edit button ( "Edit Account Info" yaz&#195;&#189;s&#195;&#189;na tIkla sonra da edit butonuna tIkla )

and open new page. you click gozat button and select your_sheell.php ( acIlan yeni sayfada senin hazIr shell i upload et )

after click to submit button. you should see "Your image will be review." ( "Your image will be review." bu yazIyI gormelisin )

if you see "Your image will be review." your shell upload succesfull. ( gorduysen yukleme basarIlI )

after repeat click to "Edit Account Info" and open page. your logo right click and properties select this link copy

after paste your explorer go your_shell.php ( sonra yine "Edit Account Info" yazIsIna T&#195;&#189;kla

acIlan sayfada logonun ustunde sag tIkla ozellikleri T&#195;&#189;kla linki kopyala sonrada shelle ulas )
 
 
==========================
 
Thanks: str0ke -