EkinBoard <= 1.1.0 Remote File Upload / Auth Bypass Vulnerabilities

2009-09-02 / 2009-09-03
Credit: underwater
Risk: Medium
Local: No
Remote: Yes

----[ EkinBoard Remote File Upload / Auth Bypass ... ITDefence.ru Antichat.ru ] EkinBoard >= 1.1.0 Remote File Upload / Auth Bypass Eugene Minaev underwater@itdefence.ru .\ \\ -[ ITDEFENCE.ru Security advisory ]- // // / . We can bypass admin authorization if register_globals on . All admin panel script include this code <?php if(!in_array(2, $_groups)){ die("<center><span class=red>You need to be an admin to access this page!</span></center>"); } ?> test1.ru/skvoznoy/backup.php?_groups[]=2 There is a bug in upload function . We can upload any file bypass filters . Name your shell like file.php.gif and select it as your avatar . Then check uploaded/avatars/filename_your_id.php ----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]

References:

http://xforce.iss.net/xforce/xfdb/39507
http://www.securityfocus.com/bid/27166
http://www.milw0rm.com/exploits/4859


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top