Bugtraq mailing list archives
Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit
From: "Steven M. Christey" <coley () mitre org>
Date: Mon, 5 Jun 2006 21:52:21 -0400 (EDT)
nukedx said:
This is not vulnerable, PHP-Nuke having a special in their files and when includes mainfile.php it overwrites the global variables and it caused to make an arbitrary file inclusion. But in MyBloggie there is no common vulnerability like it.

In the source code for 2.1.1, many files have code like this:

    $mybloggie_root_path = './';
    include_once($mybloggie_root_path.'config.php');
    ...

so at least there isn't any obvious evidence of this issue, based on a casual inspection.

Also - "scode.php" as mentioned by MHG does not exist in MyBloggie at all, so maybe the site has been modified.

- Steve
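
The casual inspection described in the message above can be scripted. The following is an added example, not part of the original post and not MyBloggie code: a heuristic that reports, for each variable used in an include path, whether the same file assigned it a string literal on an earlier line. The function name `audit_includes` and both PHP samples are assumptions constructed for illustration.

```python
import re

# Assignment of a plain string literal, e.g.  $name = './';
LITERAL_ASSIGN = re.compile(r"""^\s*\$(\w+)\s*=\s*(['"])[^'"$]*\2\s*;""")
# include / include_once / require / require_once and its path expression
INCLUDE_STMT = re.compile(r"\b(?:include|require)(?:_once)?\b\s*\(?(.*?)\)?\s*;")
VARIABLE = re.compile(r"\$(\w+)")

# Constructed sample mirroring the two lines quoted in the post.
INITIALISED = """<?php
$mybloggie_root_path = './';
include_once($mybloggie_root_path.'config.php');
"""

# Constructed contrast case (not MyBloggie code): the same include with no
# assignment in the file, so the variable's value is decided elsewhere.
UNINITIALISED = """<?php
include_once($mybloggie_root_path.'config.php');
"""


def audit_includes(php_source):
    """Return (line_no, variable, status) for each variable in an include path.

    status is "literal" when this file assigned the variable a string literal
    on an earlier line, otherwise "unset-in-file" (needs manual review).
    Heuristic only: conditionals, functions and other files are not followed.
    """
    literal_vars = set()
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        assign = LITERAL_ASSIGN.match(line)
        if assign:
            literal_vars.add(assign.group(1))
            continue
        stmt = INCLUDE_STMT.search(line)
        if stmt:
            for name in VARIABLE.findall(stmt.group(1)):
                status = "literal" if name in literal_vars else "unset-in-file"
                findings.append((line_no, name, status))
    return findings


if __name__ == "__main__":
    for label, src in (("initialised", INITIALISED), ("uninitialised", UNINITIALISED)):
        print(label, audit_includes(src))
```

An "unset-in-file" result is a prompt for manual review, not a confirmed finding: the variable may be set by a file included earlier.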