[VIM] bogus [Fwd: microBlog <= (config_file) Remote File Include Vulnerability] (fwd)

rkeith at securityfocus.com
Fri Jan 12 09:58:32 EST 2007


The email quotes why it is bogus in fact.

$config_file = "./config.php";
include "{$config_file}";


This was not posted to Bugtraq, just forwarding for information 
purposes.

--
Rob Keith
Symantec

-------- Original Message --------
Subject: microBlog <= (config_file) Remote File Include Vulnerability
Date: Sat, 06 Jan 2007 04:51:46 +0300
From: Mr.3FReeT HaCKer Mr.3FReeT HaCKer <r.5.7 at hotmail.com>
To: webmaster at securityfocus.com
CC: listadmin at securityfocus.com

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

microBlog <= (config_file) Remote File Include Vulnerability

Found By : Mr.3FReeT

Risk : High

Class : Remote File Include

URL : http://www.hotscripts.com/jump.php?listing_id=53733&jump_type=1

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Code in :  index.php , rss.php , upgrade.php

$config_file = "./config.php";
include "{$config_file}";

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

ExploiT :.
^^^^
www.site.com/[path]/index.php?config_file=shellcode.txt?
www.site.com/[path]/rss.php?config_file=shellcode.txt?
www.site.com/[path]/upgrade.php?config_file=shellcode.txt?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

GReeTz To : [ Dr.2 ] , [ Asbmay ] , [ General C ] , [ Q8^RoCK ] , And Dmar7
TeaM

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
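
The check behind the "bogus" verdict, as an added example (not part of the original post and not microBlog code): a Python triage heuristic that classifies each variable-based include by the last assignment to that variable before it. It assumes straight-line top-level PHP (no branches, functions or variable-variables); the name triage_includes and the CONTRAST sample are constructed for illustration.

```python
import re

# include/require statement whose argument mentions a variable,
# e.g.  include "{$config_file}";
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b[^;]*?\$(\w+)[^;]*;')
# $name = 'text';  or  $name = "text";  with no interpolated variable
LITERAL_ASSIGN = r"""\$%s\s*=\s*(?:'[^'$]*'|"[^"$]*")\s*;"""
# any plain assignment to $name (not a == comparison)
ANY_ASSIGN = r"\$%s\s*=(?!=)"

def triage_includes(source):
    """Return (line, variable, verdict) for each variable-based include.

    literal    - last assignment before the include is a constant string,
                 so a request parameter of the same name is overwritten
    dynamic    - last assignment is some other expression: review by hand
    unassigned - never assigned before the include: review by hand
    """
    findings = []
    for m in INCLUDE_RE.finditer(source):
        var = re.escape(m.group(1))
        before = source[:m.start()]
        assigns = list(re.finditer(ANY_ASSIGN % var, before))
        if not assigns:
            verdict = "unassigned"
        elif re.match(LITERAL_ASSIGN % var, before[assigns[-1].start():]):
            verdict = "literal"
        else:
            verdict = "dynamic"
        line = source.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), verdict))
    return findings

# The two lines quoted in the report.
REPORTED = '$config_file = "./config.php";\ninclude "{$config_file}";\n'
# Constructed contrast: the variable is used without ever being set.
CONTRAST = "<?php\ninclude $config_file;\n"

if __name__ == "__main__":
    for name, src in (("reported", REPORTED), ("contrast", CONTRAST)):
        for line, var, verdict in triage_includes(src):
            print(f"{name}: line {line}: ${var} -> {verdict}")
```

A "literal" verdict on every include that uses the reported parameter means the report can be closed as bogus; anything else still needs a manual read of the file.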
