FunkBoard info.php Arbitrary Command Execution

2005-08-08T05:52:02
ID OSVDB:18623
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-08-08T05:52:02

Description

Vulnerability Description

FunkBoard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue arises when the 'mysql_install.php' installation script is left in place after installation. A remote attacker can then manipulate the 'info.php' script and execute arbitrary commands, resulting in a loss of integrity.

Solution Description

Upgrade to version 0.70CF or higher, which is reported to fix this vulnerability. No other workaround is known. Because the flaw depends on 'mysql_install.php' remaining reachable after installation, administrators should at least confirm that the script has been removed from the web root, but this is a check, not a substitute for the upgrade.

Manual Testing Notes

http://[target]/funkboard/info.php?command=ls%20-la
http://[target]/funkboard/info.php?command=cat%20/etc/passwd
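The request pattern above is easy to spot in web-server access logs. As an added example (not part of the OSVDB entry and not FunkBoard code), the Python below flags any request to 'info.php' that carries a 'command' query parameter, and any request to 'mysql_install.php', which should not be reachable on a finished installation. The log lines are constructed for the example, and the '/funkboard/' path prefix and the Apache/nginx "combined" log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined"-style access log line (format assumed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample traffic, not a real capture.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Aug/2005:05:52:02 +0000] "GET /funkboard/index.php HTTP/1.1" 200 5123
203.0.113.5 - - [08/Aug/2005:05:52:10 +0000] "GET /funkboard/mysql_install.php HTTP/1.1" 200 2211
203.0.113.5 - - [08/Aug/2005:05:52:31 +0000] "GET /funkboard/info.php?command=ls%20-la HTTP/1.1" 200 1904
203.0.113.5 - - [08/Aug/2005:05:52:40 +0000] "GET /funkboard/info.php?command=cat%20/etc/passwd HTTP/1.1" 200 1533
198.51.100.7 - - [08/Aug/2005:06:01:00 +0000] "GET /funkboard/info.php HTTP/1.1" 200 812
198.51.100.7 - - [08/Aug/2005:06:01:05 +0000] "POST /funkboard/info.php HTTP/1.1" 200 812
"""


def classify(line):
    """Return (client_ip, finding_kind, detail) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; skip rather than guess
    parts = urlsplit(m.group("target"))
    # Decode the path so %2e-style obfuscation of the script name is still matched.
    path = unquote(parts.path).lower()
    if path.endswith("/mysql_install.php"):
        return (m.group("ip"), "install-script-exposed", path)
    if path.endswith("/info.php"):
        # parse_qs already percent-decodes the value ("ls%20-la" -> "ls -la").
        params = parse_qs(parts.query, keep_blank_values=True)
        if "command" in params:
            return (m.group("ip"), "info.php-command", params["command"][0])
    return None


def scan(log_text):
    """Run classify() over every line and return the list of findings in order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for ip, kind, detail in scan(SAMPLE_LOG):
        print(f"{ip}\t{kind}\t{detail}")
```

Only GET query strings are visible in an access log; a 'command' value sent in a POST body (the last sample line) leaves no trace here, so an empty result does not prove the host was not exploited. Confirm by checking whether 'mysql_install.php' is still present on disk and by reviewing 'info.php' for unexpected modifications.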

References:

Vendor URL: http://www.funkboard.co.uk/
Secunia Advisory ID: 16371
Related OSVDB IDs: 18613, 18614, 18615, 18616, 18617, 18618, 18619, 18620, 18622
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0130.html