PHP NUKE All Versions Remote File Inclusion

2006.06.06
Credit: nukedx
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Yeah, it's so weird. The vulnerable code is in pagestart.php at line 68.

http://victim/modules/Forums/admin/admin_styles.php?phpbb_root_path=2

    Warning: main(2common.php): failed to open stream: No such file or directory in C:\Inetpub\vhosts\victim\httpdocs\modules\Forums\admin\pagestart.php on line 68

Just edited victim for security purposes.

In pagestart.php at lines 67-68:

    ...
    include("../../../mainfile.php");
    include($phpbb_root_path.'common.'.$phpEx);
    ...

So it includes mainfile.php, and I think this is making the vulnerability.

In mainfile.php at lines 54-56:

    ...
    if (!ini_get("register_globals")) {
        import_request_variables('GPC');
    }
    ...

I tried it on some servers. It didn't work on some, but on others it worked, and all these servers have register_globals off and magic_quotes_gpc on. This is such a weird problem.

Regards,
Mustafa Can Bjorn IPEKCI (nukedx a.k.a nuker)
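A way to look for this request pattern in web server access logs, as an added example that is not part of the original advisory: it flags requests whose query string sets either of the two variables that build the include path on line 68 of pagestart.php. The log lines, addresses and function names are constructed for illustration, and the common/combined log format is assumed. Access logs only record the query string, so values sent by POST or cookie (the other two sources in `'GPC'`) are not visible to this check.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The two variables concatenated into the include path in pagestart.php.
INCLUDE_VARS = {"phpbb_root_path", "phpEx"}
# host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def include_var_overrides(target):
    """Return (variable, value) pairs where the request sets an include variable."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # Mirror PHP's name handling: leading spaces are dropped, dots and
        # spaces become underscores, and name[] / name[k] set variable "name".
        base = re.sub(r"[ .]", "_", name.lstrip().split("[", 1)[0])
        if base in INCLUDE_VARS:  # PHP variable names are case-sensitive
            hits.append((base, value))
    return hits

def scan(lines):
    """Return (client, time, path, status, hits) for each flagged request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, when, _method, target, status = m.groups()
        hits = include_var_overrides(target)
        if hits:
            findings.append((client, when, urlsplit(target).path, int(status), hits))
    return findings

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jun/2006:10:00:01 +0000] "GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Jun/2006:10:00:05 +0000] "GET /modules.php?name=Forums&file=index HTTP/1.1" 200 9012',
    '192.0.2.12 - - [06/Jun/2006:10:00:09 +0000] "GET /modules/Forums/admin/admin_styles.php?%70hpbb_root_path%5B%5D=x HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```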

