Active Members Fi8sVrs Posted December 27, 2015 Active Members Report Posted December 27, 2015 (edited) RW::Download version 4.0.8 suffers from remote and local file inclusion and remote SQL injection vulnerabilities.1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : http://0day.today 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 #################################### 1 0 I'm indoushka member from Inj3ct0r Team 1 1 #################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1| # Title : RWDownload v4.0.8 Multi Vulnerability| # Author : indoushka| # email : indoushka4ever@gmail.com| # Tested on: windows 8.1 Français V.(Pro)| # Vendor : http://www.rwscripts.com/========================================================================Poc :L/R file inclusion:Line : 134Function : require_oncevariables : $langprefPath : C:\www\UPLOAD\index.phphttp://3dcars.crystaldemon.com/index.php?langpref=her yoursSQl injection :http://3dcars.crystaldemon.com/index.php?url=&cid= inject herGreetz : jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com Hussin-X *D4NB4R* KnocKout * https://www.corelan.be---------------------------------------------------------------------------------------https://packetstormsecurity.com/files/135077/RW-Download-4.0.8-File-Inclusion-SQL-Injection.html Edited December 27, 2015 by Fi8sVrs 2 Quote
