[VIM] bogus [Fwd: microBlog <= (config_file) Remote File Include Vulnerability] (fwd)
rkeith at securityfocus.com
Fri Jan 12 09:58:32 EST 2007
The email quotes why it is bogus in fact.
$config_file = "./config.php";
include "{$config_file}";
This was not posted to Bugtraq, just forwarding for information
purposes.
--
Rob Keith
Symantec
-------- Original Message --------
Subject: microBlog <= (config_file) Remote File Include Vulnerability
Date: Sat, 06 Jan 2007 04:51:46 +0300
From: Mr.3FReeT HaCKer Mr.3FReeT HaCKer <r.5.7 at hotmail.com>
To: webmaster at securityfocus.com
CC: listadmin at securityfocus.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
microBlog <= (config_file) Remote File Include Vulnerability
Found By : Mr.3FReeT
Risk : High
Class : Remote File Include
URL : http://www.hotscripts.com/jump.php?listing_id=53733&jump_type=1
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Code in : index.php , rss.php , upgrade.php
$config_file = "./config.php";
include "{$config_file}";
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ExploiT :.
^^^^
www.site.com/[path]/index.php?config_file=shellcode.txt?
www.site.com/[path]/rss.php?config_file=shellcode.txt?
www.site.com/[path]/upgrade.php?config_file=shellcode.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
GReeTz To : [ Dr.2 ] , [ Asbmay ] , [ General C ] , [ Q8^RoCK ] , And Dmar7
TeaM
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
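Added example, not part of the original messages or of microBlog's code: a small triage check for reports like the one forwarded above. It marks an include as static when its variable was unconditionally assigned a string literal beforehand (the pattern in the two quoted lines) and as needing review otherwise. The function name, regexes and SAMPLE input are constructed for illustration, and it assumes one PHP statement per line.

```python
import re

# $name = "literal";  (no interpolation or concatenation)
LITERAL = re.compile(r'^\s*\$(\w+)\s*=\s*(["\'])([^"\'$]*)\2\s*;\s*$')
# any other assignment form to a plain variable (=, .=, ??=)
ASSIGN = re.compile(r'^\s*\$(\w+)\s*(?:\.|\?\?)?=(?!=)')
# include/require statement; group 1 is the argument expression
INCLUDE = re.compile(r'^\s*(?:include|require)(?:_once)?\b\s*(.+?)\s*;\s*$')
# argument that is exactly one variable: $v, ($v), "$v" or "{$v}"
BARE = re.compile(r'\(?\s*"?\{?\$(\w+)\}?"?\s*\)?')
# constructs after which this simple checker no longer trusts earlier assignments
RESET = re.compile(r'\b(?:if|else|elseif|for|foreach|while|switch|function|'
                   r'extract|parse_str|import_request_variables)\b|\$\$|[{}]')

def triage_includes(php_source):
    """Return [(line_no, include_argument, verdict)] for includes that use a variable."""
    known, findings = {}, []
    for no, line in enumerate(php_source.splitlines(), 1):
        inc = INCLUDE.match(line)
        if inc:
            arg = inc.group(1)
            bare = BARE.fullmatch(arg)
            if bare and bare.group(1) in known:
                # Value was fixed by the script itself just before the include,
                # so a request parameter of the same name cannot change it.
                findings.append((no, arg, "static: " + known[bare.group(1)]))
            elif "$" in arg:
                findings.append((no, arg, "review"))
            continue
        if RESET.search(line):
            known.clear()          # branch or bulk variable import: be conservative
        elif LITERAL.match(line):
            m = LITERAL.match(line)
            known[m.group(1)] = m.group(3)
        elif ASSIGN.match(line):
            known.pop(ASSIGN.match(line).group(1), None)
    return findings

# Constructed input: the two lines quoted in the report, then a hypothetical
# include whose variable is only assigned inside a branch.
SAMPLE = r'''<?php
$config_file = "./config.php";
include "{$config_file}";
if (isset($theme)) {
    $skin = "default";
}
include($skin);
'''

if __name__ == "__main__":
    for finding in triage_includes(SAMPLE):
        print(finding)
```

A "static" verdict corresponds to the situation in the forwarded report; "review" means the assignment could not be confirmed and the file needs a manual look.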