[VIM] bogus [Fwd: myBloggie <= (bloggie_root_path) Remote File Include Vulnerability] (fwd)

rkeith at securityfocus.com
Fri Jan 12 10:06:47 EST 2007


Most of the files each predefine the 'bloggie_root_path' parameter.

In index.php:
$bloggie_root_path = "";

In genscode.php:
$bloggie_root_path = './';

And there is anti-hacking code to make sure 'index.php' is called:

if ( !defined('IN_BLOGGIE') )
{
     die("Hacking attempt");
}

--
Rob Keith
Symantec


-------- Original Message --------
Subject: myBloggie <= (bloggie_root_path) Remote File Include Vulnerability
Date: Sat, 06 Jan 2007 04:31:27 +0300
From: Mr.3FReeT HaCKer <r.5.7 at hotmail.com>
To: webmaster at securityfocus.com
CC: listadmin at securityfocus.com

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

myBloggie <= (bloggie_root_path) Remote File Include Vulnerability

Found By : Mr.3FReeT

Risk : High

Class : Remote File Include

URL : http://mywebland.com/dl.php?id=20

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Code in : index.php , genscode.php , init.php ..... > May be all :) <

include_once($bloggie_root_path.'config.php');
include_once($bloggie_root_path.'includes/db.php');
include_once($bloggie_root_path.'includes/template.php');
include_once($bloggie_root_path.'includes/functions.php');
include_once($bloggie_root_path.'includes/function-format.php');
include_once($bloggie_root_path.'includes/classes.php');

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit :.
^^^^
www.site.com/[path]/index.php?bloggie_root_path=shellcode.txt?
www.site.com/[path]/init.php?bloggie_root_path=shellcode.txt?
www.site.com/[path]/genscode.php?bloggie_root_path=shellcode.txt?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

GreeTz to : [ Dr.2 ] , [ Asbmay ] , [ General C ] , [ Qt^RoCK ] , All Dmar7
Team ....

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

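As an added example, not code from this thread or from the myBloggie project: a small Python audit script that automates the check Rob Keith describes doing by hand. For each PHP file it flags include/require calls whose path is built from a variable that has no assignment earlier in the same file (the only situation in which a register_globals-era request parameter could have supplied the path), and separately reports whether the file carries the IN_BLOGGIE direct-access guard. The three sample files are constructed: the first two reproduce the lines quoted in the thread, the third is a hypothetical file with the assignment removed so the report shows what a real finding looks like.

```python
import re

# Matches include/require(_once) whose path starts with a variable, e.g.
#   include_once($bloggie_root_path.'config.php');  -> captures 'bloggie_root_path'
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*\$(\w+)\s*\.")
# Matches a plain assignment to a variable ('=' but not '==').
ASSIGN_RE = re.compile(r"\$(\w+)\s*=(?!=)")
# Matches the direct-access guard quoted in the thread.
GUARD_RE = re.compile(r"!\s*defined\s*\(\s*['\"]IN_BLOGGIE['\"]\s*\)")


def find_unassigned_include_vars(php_source):
    """Return [(line_no, var_name)] for every include whose path variable has
    not been assigned earlier in the same file. A path variable that is read
    before it is set is exactly what register_globals=On would have let a
    request parameter populate; a predefined one is not."""
    assigned = set()
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        for m in ASSIGN_RE.finditer(line):
            assigned.add(m.group(1))
        for m in INCLUDE_RE.finditer(line):
            var = m.group(1)
            if var not in assigned:
                findings.append((line_no, var))
    return findings


def has_direct_access_guard(php_source):
    """True if the file bails out unless the IN_BLOGGIE constant is defined."""
    return GUARD_RE.search(php_source) is not None


def audit(files):
    """files: {name: php_source}. Returns per-file findings and guard status."""
    return {
        name: {
            "unassigned": find_unassigned_include_vars(src),
            "guarded": has_direct_access_guard(src),
        }
        for name, src in files.items()
    }


# Constructed samples (hypothetical file contents, modelled on the thread).
SAMPLE_FILES = {
    "index.php": """<?php
$bloggie_root_path = "";
include_once($bloggie_root_path.'config.php');
include_once($bloggie_root_path.'includes/db.php');
""",
    "genscode.php": """<?php
$bloggie_root_path = './';
if ( !defined('IN_BLOGGIE') )
{
     die("Hacking attempt");
}
include_once($bloggie_root_path.'includes/functions.php');
""",
    # Hypothetical: the assignment is missing, so the include path is unset.
    "hypothetical_unassigned.php": """<?php
include_once($bloggie_root_path.'config.php');
include_once($bloggie_root_path.'includes/template.php');
""",
}


def main():
    for name, result in audit(SAMPLE_FILES).items():
        status = "OK" if not result["unassigned"] else "CHECK"
        guard = "guarded" if result["guarded"] else "no IN_BLOGGIE guard"
        print(f"{status:5} {name} ({guard})")
        for line_no, var in result["unassigned"]:
            print(f"      line {line_no}: include path built from unset ${var}")


if __name__ == "__main__":
    main()
```

The script only recognises the pattern in this thread, a variable assigned somewhere above the include. It deliberately does not judge what the variable was assigned from, so a file that sets the path from `$_GET` would pass this check and needs a proper taint analysis instead.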

