[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060811213213.9199.qmail@securityfocus.com>
Date: 11 Aug 2006 21:32:13 -0000
From: noname@...omain.com
To: bugtraq@...urityfocus.com
Subject: Re: Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion
Vulnerability
(please remove this bid : 19458)
Mafia Moblog isn't vulnerable.
why ?!
Exploit of Mafia is here :
http://www.example.com/[Mafia Moblog]/big.php?pathtotemplate=[Evil Script]
in big.php we have :
<?php
include("info.php");
include("template.php");
if (file_exists("$pathtotemplate/includes.php")) {include("$pathtotemplate/includes.php");}
include("$pathtotemplate/big.php");
?>
but $pathtotemplate was defined already in template.php
see this line:
include("template.php");
in 'template.php' we have:
<?php
$title = "Mafia Moblog";
$left = "left.php";
$right = "right.php";
$header = "Mafia Moblog";
$subtext = " - v.6M1";
$pathtotemplate = "templates/match plus";
?>
and see this line in 'template.php':
$pathtotemplate = "templates/match plus";
how can you change $pathtotemplate when it is defined ?
I really wondered why did you accept.
This is not good when a web application isn't vulnerable but when you see :
include("$pathtotemplate/big.php");
you think it's vulnerable but actually isn't.
TO : SecurityFocus Moderators and Milw0rm`s Admin
PLEASE DON'T ADD file include bugs kindly.
first check them and then add .
Please Remove Mafia BID.
BID : 19458
http://www.securityfocus.com/bid/19458
sh3ll.ir reported a lot of file include bugs that they are fake . please attention and test it before create BID ID .
Powered by blists - more mailing lists