[VIM] bogus [Fwd: myBloggie <= (bloggie_root_path) Remote File Include Vulnerability] (fwd)
rkeith at securityfocus.com
Fri Jan 12 10:06:47 EST 2007
Most of the files each predefine the 'bloggie_root_path' parameter.
In index.php:
$bloggie_root_path = "";
In genscode.php:
$bloggie_root_path = './';
And there is anti-hacking code to make sure 'index.php' is called:
if ( !defined('IN_BLOGGIE') )
{
die("Hacking attempt");
}
--
Rob Keith
Symantec
-------- Original Message --------
Subject: myBloggie <= (bloggie_root_path) Remote File Include Vulnerability
Date: Sat, 06 Jan 2007 04:31:27 +0300
From: Mr.3FReeT HaCKer Mr.3FReeT HaCKer <r.5.7 at hotmail.com>
To: webmaster at securityfocus.com
CC: listadmin at securityfocus.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
myBloggie <= (bloggie_root_path) Remote File Include Vulnerability
Found By : Mr.3FReeT
Risk : High
Class : Remote File Include
URL : http://mywebland.com/dl.php?id=20
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Code in : index.php , genscode.php , init.php ..... > May be all :) <
include_once($bloggie_root_path.'config.php');
include_once($bloggie_root_path.'includes/db.php');
include_once($bloggie_root_path.'includes/template.php');
include_once($bloggie_root_path.'includes/functions.php');
include_once($bloggie_root_path.'includes/function-format.php');
include_once($bloggie_root_path.'includes/classes.php');
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit :.
^^^^
www.site.com/[path]/index.php?bloggie_root_path=shellcode.txt?
www.site.com/[path]/init.php?bloggie_root_path=shellcode.txt?
www.site.com/[path]/genscode.php?bloggie_root_path=shellcode.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
GreeTz to : [ Dr.2 ] , [ Asbmay ] , [ General C ] , [ Qt^RoCK ] , All Dmar7
Team ....
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
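As an added example that is not part of this thread or of the myBloggie code, a small Python triage helper applying the check Rob Keith describes: for each PHP file, is the include-path prefix assigned a literal before it is used, and does the file carry the IN_BLOGGIE entry guard? The PHP samples are constructed from the lines quoted above, not taken from the real files.

```python
import re

# include/require (optionally _once) of a path that starts with a variable,
# e.g. include_once($bloggie_root_path.'config.php');
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*\$(\w+)\s*\.")
# A literal string assigned to a variable, e.g. $bloggie_root_path = './';
ASSIGN_RE = re.compile(r"\$(\w+)\s*=\s*(['\"])[^'\"]*\2\s*;")


def include_prefix_vars(php_source):
    """Map each variable used as an include-path prefix to whether a literal
    assignment to it appears earlier in the same file."""
    assigned, verdicts = set(), {}
    for line in php_source.splitlines():
        a = ASSIGN_RE.search(line)
        if a:
            assigned.add(a.group(1))
        m = INCLUDE_RE.search(line)
        if m and m.group(1) not in verdicts:
            verdicts[m.group(1)] = m.group(1) in assigned
    return verdicts


def has_entry_guard(php_source, const="IN_BLOGGIE"):
    """True if the file dies unless the entry point has defined `const`."""
    pat = r"!\s*defined\s*\(\s*['\"]" + re.escape(const) + r"['\"]\s*\)"
    return re.search(pat, php_source) is not None


def rfi_risk(php_source):
    """'predefined': every include prefix is set to a literal first (or none used);
    'guarded': not predefined, but direct requests die on the entry guard;
    'review': prefix comes from the request environment with no guard."""
    if all(include_prefix_vars(php_source).values()):
        return "predefined"
    return "guarded" if has_entry_guard(php_source) else "review"


# Constructed samples mirroring the lines quoted in the thread (hypothetical).
INDEX_PHP = """<?php
define('IN_BLOGGIE', true);
$bloggie_root_path = "";
include_once($bloggie_root_path.'config.php');
include_once($bloggie_root_path.'includes/db.php');
"""
GUARDED_PHP = """<?php
if ( !defined('IN_BLOGGIE') ) { die("Hacking attempt"); }
include_once($bloggie_root_path.'includes/functions.php');
"""
LOOSE_PHP = """<?php
include_once($bloggie_root_path.'includes/classes.php');
"""
```

Only the "review" verdict is worth a closer look, and even then the prefix is injectable only where register_globals is enabled.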