Simple PHP Blog Install05.PHP Local File Include Vulnerability
BID:17102
Info
Simple PHP Blog Install05.PHP Local File Include Vulnerability
| Bugtraq ID: | 17102 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2006 12:00AM |
| Updated: | Mar 16 2006 06:25AM |
| Credit: | rgod is credited with the discovery of this vulnerability. |
| Vulnerable: |
Simple PHP Blog Simple PHP Blog 0.4.7 Simple PHP Blog Simple PHP Blog 0.4.6 Simple PHP Blog Simple PHP Blog 0.4.5 Simple PHP Blog Simple PHP Blog 0.4 Simple PHP Blog Simple PHP Blog 0.4.7.1 |
| Not Vulnerable: | |
Discussion
Simple PHP Blog Install05.PHP Local File Include Vulnerability
Simple PHP Blog is prone to a local file-include vulnerability. This may facilitate the unauthorized viewing of files and unauthorized execution of local scripts.
Version 0.4.7.1 and prior are vulnerable; other versions may be affected as well.
Simple PHP Blog is prone to a local file-include vulnerability. This may facilitate the unauthorized viewing of files and unauthorized execution of local scripts.
Version 0.4.7.1 and prior are vulnerable; other versions may be affected as well.
Exploit / POC
Simple PHP Blog Install05.PHP Local File Include Vulnerability
An exploit is not required.
Example exploit code has been supplied:
An exploit is not required.
Example exploit code has been supplied:
Solution / Fix
Simple PHP Blog Install05.PHP Local File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Simple PHP Blog Install05.PHP Local File Include Vulnerability
References:
References:
- rgod exploit code for Simple PHP Blog <= 0.4.7.1 (rgod)
- Simple PHP Blog Homepage (Simple PHP Blog)