Bugtraq mailing list archives
Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability
From: noname () nodomain com
Date: 11 Aug 2006 21:32:13 -0000
(Please remove this BID: 19458.)

Mafia Moblog isn't vulnerable. Why?!

The exploit for Mafia is here:

    http://www.example.com/[Mafia Moblog]/big.php?pathtotemplate=[Evil Script]

In big.php we have:

    <?php
    include("info.php");
    include("template.php");
    if (file_exists("$pathtotemplate/includes.php")) {include("$pathtotemplate/includes.php");}
    include("$pathtotemplate/big.php");
    ?>

But $pathtotemplate was already defined in template.php. See this line:

    include("template.php");

In template.php we have:

    <?php
    $title = "Mafia Moblog";
    $left = "left.php";
    $right = "right.php";
    $header = "Mafia Moblog";
    $subtext = " - v.6M1";
    $pathtotemplate = "templates/match plus";
    ?>

And see this line in template.php:

    $pathtotemplate = "templates/match plus";

How can you change $pathtotemplate when it is defined?

I really wonder why you accepted it. It is not good when a web application isn't vulnerable, but when you see

    include("$pathtotemplate/big.php");

you think it's vulnerable, but actually it isn't.

TO: SecurityFocus moderators and Milw0rm's admin

PLEASE, kindly, DON'T ADD file include bugs. First check them, and then add them. Please remove the Mafia BID.

BID: 19458
http://www.securityfocus.com/bid/19458

sh3ll.ir reported a lot of file include bugs that are fake. Please pay attention and test them before creating a BID.
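The argument in the post is that a variable the script assigns itself (here in template.php, which is included before the include() that uses it) cannot be injected through register_globals (a PHP setting that turned request parameters into global variables; it was removed in PHP 5.4), so the include is not a remote file inclusion. The following is an added example, not code from the post, from sh3ll, or from Mafia Moblog: a small Python heuristic that walks a PHP entry file in statement order, follows string-literal includes into files supplied in a dict, and flags any include()/require() path built from a variable that no earlier statement has assigned. The two PHP files are the ones quoted in the post, embedded as constructed test input; the variant with the $pathtotemplate line removed is constructed here to show what the check reports when the assignment is absent. It is a regex heuristic with the limitations noted in the comments (no control-flow analysis, no extract()/parse_str() awareness, and files not supplied are treated as defining nothing).

```python
import re

# One regex with two alternatives, scanned in file order:
#   group 1:    a plain assignment "$name = ..." ("==" is excluded)
#   groups 2/3: include/require(_once) with a single quoted string argument
STMT = re.compile(
    r'\$(\w+)\s*=(?!=)'
    r'|\b(?:include|require)(?:_once)?\s*\(?\s*(["\'])(.*?)\2\s*\)?\s*;'
)
# A "$name" interpolated inside a double-quoted include path.
VAR = re.compile(r'\$(\w+)')


def audit(files, entry, defined=None, seen=None):
    """Return a list of (file, variable, path) for every include/require
    whose path interpolates a variable that no earlier statement assigned.

    Heuristic only (added example): it ignores control flow,
    extract()/parse_str(), direct $GLOBALS/$_GET writes, and any included
    file that is not present in `files` (such a file is treated as
    defining nothing, the conservative choice for this check).
    """
    defined = set() if defined is None else defined
    seen = set() if seen is None else seen
    findings = []
    if entry not in files or entry in seen:
        return findings
    seen.add(entry)
    for m in STMT.finditer(files[entry]):
        if m.group(1):
            defined.add(m.group(1))  # assigned before any later use
            continue
        path = m.group(3)
        names = VAR.findall(path)
        if not names:
            # Literal include: process the included file in place, so its
            # assignments count as defined for the statements that follow.
            findings.extend(audit(files, path, defined, seen))
            continue
        for name in names:
            if name not in defined:
                findings.append((entry, name, path))
    return findings


# Constructed test input: the two files as quoted in the post.
BIG_PHP = """<?php
include("info.php");
include("template.php");
if (file_exists("$pathtotemplate/includes.php")) {include("$pathtotemplate/includes.php");}
include("$pathtotemplate/big.php");
?>
"""

TEMPLATE_PHP = """<?php
$title = "Mafia Moblog";
$left = "left.php";
$right = "right.php";
$header = "Mafia Moblog";
$subtext = " - v.6M1";
$pathtotemplate = "templates/match plus";
?>
"""

# Constructed variant: the same template.php with the $pathtotemplate line
# removed, i.e. the shape a script would need for the include to be
# reachable through register_globals.
TEMPLATE_PHP_NO_PATH = "\n".join(
    line for line in TEMPLATE_PHP.splitlines() if "pathtotemplate" not in line
)

AS_QUOTED = {"big.php": BIG_PHP, "template.php": TEMPLATE_PHP}
MISSING_ASSIGNMENT = {"big.php": BIG_PHP, "template.php": TEMPLATE_PHP_NO_PATH}

if __name__ == "__main__":
    for label, files in (("as quoted", AS_QUOTED),
                         ("assignment removed", MISSING_ASSIGNMENT)):
        hits = audit(files, "big.php")
        print(f"{label}: {len(hits)} include(s) using an unassigned variable")
        for f, name, path in hits:
            print(f"  {f}: ${name} used in include({path!r}) before any assignment")
```

Run as-is, the files quoted in the post produce no finding, because template.php assigns $pathtotemplate before big.php interpolates it; the constructed variant without that assignment produces two findings, one per include that uses the variable. The check is deliberately conservative about files it cannot see, so an include of a config file that is not supplied still leaves the variable unassigned in its eyes.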
Current thread:
- Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability sh3ll (Aug 10)
- <Possible follow-ups>
- Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability noname (Aug 14)