BugTraq
Back to list
|
Post reply
Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability
Aug 11 2006 09:32PM
noname nodomain com
(please remove this bid : 19458)
Mafia Moblog isn't vulnerable.
why ?!
Exploit of Mafia is here :
http://www.example.com/[Mafia Moblog]/big.php?pathtotemplate=[Evil Script]
in big.php we have :
<?php
include("info.php");
include("template.php");
if (file_exists("$pathtotemplate/includes.php")) {include("$pathtotemplate/includes.php");}
include("$pathtotemplate/big.php");
?>
but $pathtotemplate was defined already in template.php
see this line:
include("template.php");
in 'template.php' we have:
<?php
$title = "Mafia Moblog";
$left = "left.php";
$right = "right.php";
$header = "Mafia Moblog";
$subtext = " - v.6M1";
$pathtotemplate = "templates/match plus";
?>
and see this line in 'template.php':
$pathtotemplate = "templates/match plus";
how can you change $pathtotemplate when it is defined ?
I really wondered why did you accept.
This is not good when a web application isn't vulnerable but when you see :
include("$pathtotemplate/big.php");
you think it's vulnerable but actually isn't.
TO : SecurityFocus Moderators and Milw0rm`s Admin
PLEASE DON'T ADD file include bugs kindly.
first check them and then add .
Please Remove Mafia BID.
BID : 19458
http://www.securityfocus.com/bid/19458
sh3ll.ir reported a lot of file include bugs that they are fake . please attention and test it before create BID ID .
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Mafia Moblog isn't vulnerable.
why ?!
Exploit of Mafia is here :
http://www.example.com/[Mafia Moblog]/big.php?pathtotemplate=[Evil Script]
in big.php we have :
<?php
include("info.php");
include("template.php");
if (file_exists("$pathtotemplate/includes.php")) {include("$pathtotemplate/includes.php");}
include("$pathtotemplate/big.php");
?>
but $pathtotemplate was defined already in template.php
see this line:
include("template.php");
in 'template.php' we have:
<?php
$title = "Mafia Moblog";
$left = "left.php";
$right = "right.php";
$header = "Mafia Moblog";
$subtext = " - v.6M1";
$pathtotemplate = "templates/match plus";
?>
and see this line in 'template.php':
$pathtotemplate = "templates/match plus";
how can you change $pathtotemplate when it is defined ?
I really wondered why did you accept.
This is not good when a web application isn't vulnerable but when you see :
include("$pathtotemplate/big.php");
you think it's vulnerable but actually isn't.
TO : SecurityFocus Moderators and Milw0rm`s Admin
PLEASE DON'T ADD file include bugs kindly.
first check them and then add .
Please Remove Mafia BID.
BID : 19458
http://www.securityfocus.com/bid/19458
sh3ll.ir reported a lot of file include bugs that they are fake . please attention and test it before create BID ID .
[ reply ]