Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
high complexity
blueshoes
nessus
exploit available
Published: 2006-10-12
Updated: 2018-10-17
Summary
PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864. The following conditions must be met in order for this vulnerability to be exploited: 1) BlueShoes is installed in the webroot (really not recommended, see installation manual 2) register_globals is on (really really not recommended, off by default since php 4.2.0, read http://www.php.net/register_globals 3) allow_url_fopen is on (on by default, often set to off by hosting providers)
Vulnerable Configurations
Part | Description | Count |
Application | Blueshoes | 1 |
Exploit-Db
description | BlueShoes Framework 4.6 GoogleSearch.PHP Remote File Include Vulnerability. CVE-2006-5250 . Webapps exploit for php platform |
id | EDB-ID:28781 |
last seen | 2016-02-03 |
modified | 2006-10-10 |
published | 2006-10-10 |
reporter | k1tk4t |
source | https://www.exploit-db.com/download/28781/ |
title | BlueShoes Framework 4.6 GoogleSearch.PHP Remote File Include Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | BLUESHOES_APP_FILE_INCLUDE.NASL |
description | The remote host is using BlueShoes, an application framework and content management system written in PHP. The version of BlueShoes installed on the remote host fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22541 |
published | 2006-10-13 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22541 |
title | BlueShoes lib/googlesearch/GoogleSearch.php APP[path][lib] Parameter Remote File Inclusion |