RW::Download 4.0.8 File Inclusion / SQL Injection

2015-12-26T00:00:00
ID PACKETSTORM:135077
Type packetstorm
Reporter indoushka
Modified 2015-12-26T00:00:00

Description

                                        
                                            `1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0   
0 [+] Site : http://0day.today 0   
1 [+] Support e-mail : submit[at]inj3ct0r.com 1   
0 0   
1 #################################### 1   
0 I'm indoushka member from Inj3ct0r Team 1   
1 #################################### 0   
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
| # Title : RWDownload v4.0.8 Multi Vulnerability  
| # Author : indoushka  
| # email : indoushka4ever@gmail.com  
| # Tested on: windows 8.1 Français V.(Pro)  
| # Vendor : http://www.rwscripts.com/  
========================================================================  
  
PoC :  
  
Local/remote file inclusion:  
  
Line : 134  
Function : require_once  
variables : $langpref  
Path : C:\www\UPLOAD\index.php  
  
http://3dcars.crystaldemon.com/index.php?langpref=her yours  
  
SQL injection :  
  
http://3dcars.crystaldemon.com/index.php?url=&cid= inject her  
  
Greetz :   
jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com   
Hussin-X *D4NB4R* KnocKout * https://www.corelan.be  
---------------------------------------------------------------------------------------  
`
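
A defender-side sketch of fixes for the two findings above, added here as an example and not taken from RW::Download's own code: `langpref` is mapped through a fixed allowlist before any `require_once`, and `cid` is validated as an integer and bound in a prepared statement. The `LANG_FILES` map, the function names, the `downloads` table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Hypothetical allowlist: request value => language file shipped with the app.
const LANG_FILES = ['en' => 'lang/en.php', 'fr' => 'lang/fr.php'];

// Map the untrusted langpref value to a fixed path; never build a path from it.
// Non-string input (e.g. langpref[]=x) and unknown keys fall back to the default.
function resolveLangFile($langpref, string $default = 'en'): string
{
    $key = is_string($langpref) ? $langpref : $default;
    return LANG_FILES[$key] ?? LANG_FILES[$default];
}

// Accept cid only as a positive integer; anything else yields null.
function parseCategoryId($cid): ?int
{
    $id = filter_var($cid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The value is bound as a typed parameter and never concatenated into the SQL text.
function fetchDownloads(PDO $db, int $cid): array
{
    $stmt = $db->prepare('SELECT id, title FROM downloads WHERE category_id = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data (assumed schema, not the product's).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE downloads (id INTEGER PRIMARY KEY, title TEXT, category_id INTEGER)');
$db->exec("INSERT INTO downloads (title, category_id) VALUES ('demo.zip', 1), ('other.zip', 2)");

// Constructed requests: one well-formed, two malformed.
$requests = [
    ['langpref' => 'fr',            'cid' => '1'],
    ['langpref' => 'unknown/value', 'cid' => '1x'],
    ['langpref' => ['x'],           'cid' => null],
];
foreach ($requests as $get) {
    $file = resolveLangFile($get['langpref']);
    $cid  = parseCategoryId($get['cid']);
    $rows = $cid === null ? [] : fetchDownloads($db, $cid);
    printf("lang=%s cid=%s rows=%d\n", $file, var_export($cid, true), count($rows));
}
```

In the application itself, the value returned by `resolveLangFile()` is the only thing that should reach `require_once`, and a `null` from `parseCategoryId()` should end the request with an error before any query runs.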