Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Comdev One Admin 4.1 Remote File Inclusion

From: disfigure <disfigure () gmail com>
Date: Tue, 17 Oct 2006 21:50:03 -0500
/****************************************/

http://www.w4cking.com

CREDIT:
w4ck1ng.com

PRODUCT:
Comdev One Admin 4.1
http://www.comdevweb.com/oneadmin.php

VULNERABILITY:
Remote File Inclusion

NOTES:
- requires register globals on
- requires magic quotes off

POC:
<host>/<path>/oneadmin/adminfoot.php?path[docroot]=<local/remote file>

ADVISORY & EXPLOIT (requires registration):
http://w4ck1ng.com/board/showthread.php?t=1491

/****************************************/
Previous By Date Next
Previous By Thread Next

Current thread: