BugTraq
Back to list
|
Post reply
Re: myBloggie <= 2.1.3 (mybloggie_root_path) Remote File Inclusion Vulnerability
Aug 12 2006 03:54PM
nukedx nukedx com
Hi,
I checked these files you said vulnerable and could not see any vulnerability.
Lets check lines 25-34 of index.php:
--source code of index.php lines 25 to 34-
25: //error_reporting('E_ALL');
26:
27: define('IN_MYBLOGGIE', true);
28:
29: session_start();
30: header("Cache-control: private");
31: //error_reporting (E_ERROR | E_WARNING | E_PARSE);
32: set_magic_quotes_runtime(0); // changes for 2.1.3
33:
34: $mybloggie_root_path = './';
-- end of source --
And you said lines 190-192 of index.php is vulnerable.
--source code of index.php lines 190 to 192-
190: if (!isset($mode)) {
191: include($mybloggie_root_path.'blog.php');
192: }
-- end of source --
As we can see variable mybloggie_root_path already set by index.php
We have same results in admin.php and db.php, Please dont post every include() function as a RFI vuln.
Dont post such a messages for being famous.
Regards,
Mustafa Can Bjorn IPEKCI
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
I checked these files you said vulnerable and could not see any vulnerability.
Lets check lines 25-34 of index.php:
--source code of index.php lines 25 to 34-
25: //error_reporting('E_ALL');
26:
27: define('IN_MYBLOGGIE', true);
28:
29: session_start();
30: header("Cache-control: private");
31: //error_reporting (E_ERROR | E_WARNING | E_PARSE);
32: set_magic_quotes_runtime(0); // changes for 2.1.3
33:
34: $mybloggie_root_path = './';
-- end of source --
And you said lines 190-192 of index.php is vulnerable.
--source code of index.php lines 190 to 192-
190: if (!isset($mode)) {
191: include($mybloggie_root_path.'blog.php');
192: }
-- end of source --
As we can see variable mybloggie_root_path already set by index.php
We have same results in admin.php and db.php, Please dont post every include() function as a RFI vuln.
Dont post such a messages for being famous.
Regards,
Mustafa Can Bjorn IPEKCI
[ reply ]