nukedx said: >This is not vulnerable,PHP-Nuke having a special in their files and >when includes mainfile.php it overwrites the global variables and it >caused to make an arbitrary file inclusion. > >But in MyBloggie there is no common vulnerability like it. In the source code for 2.1.1, many files have code like this: $mybloggie_root_path = './'; include_once($mybloggie_root_path.'config.php'); ... so at least there isn't any obvious evidence of this issue, based on a casual inspection. Also - "scode.php" as mentioned by MHG does not exist in MyBloggie at all, so maybe the site has been modified. - Steve
