phpBB Nivisec Hacks List Module Local File Inclusion

Posted on Monday, May 29, 2006 @ 12:04:58 UTC in Security
by Raven

TITLE: phpBB Nivisec Hacks List Module Local File Inclusion

SECUNIA ADVISORY ID: SA20359

VERIFY ADVISORY: http://secunia.com/advisories/20359/

CRITICAL: Moderately critical

IMPACT: Exposure of sensitive information

WHERE: From remote

SOFTWARE: Nivisec Hacks List 1.x (module for phpBB) - http://secunia.com/product/10204/

DESCRIPTION: Mustafa Can Bjorn has discovered a vulnerability in the Nivisec Hacks List module for phpBB, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "phpEx" parameter in admin_hacks_list.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from local resources.

Example: http://[host]/admin/admin_hacks_list.php?setmodules=1&board_config[default_lang]=english&phpEx=[file]

Successful exploitation requires that "register_globals" is enabled.
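As an added illustration (not the Nivisec Hacks List module's own source, which the advisory does not reproduce), the following hypothetical PHP models the pattern described above: an admin module entered via setmodules=1 builds a language-file path from "board_config[default_lang]" and "phpEx", and with register_globals on both pieces come straight from the query string. The function names, the lang_hacks_list file name and the constructed request are assumptions; the hardened version beside it shows the kind of validation the "edit the source code" advice calls for.

```php
<?php
// Added example: a hypothetical reconstruction of the pattern the advisory
// describes, not the Nivisec Hacks List module's own source. The function
// names, the lang_hacks_list file name and the sample request are assumptions.

// With register_globals=On, PHP turns every request parameter into a global
// variable, so ?phpEx=...&board_config[default_lang]=... defines $phpEx and
// $board_config before the module has set them itself. The extract() call
// below simulates that for a constructed request (it is not needed on a
// PHP 4/5 install where register_globals is actually enabled).
$_GET = array(
    'setmodules'   => '1',
    'board_config' => array('default_lang' => 'english'),
    'phpEx'        => '[file]',   // stands in for the advisory's attacker-chosen value
);
extract($_GET, EXTR_SKIP);

$phpbb_root_path = './../';

// Vulnerable pattern: the language-file path is assembled from two request-
// controlled pieces (the language directory and the "extension") and handed
// straight to include(), so the attacker decides which local file is read.
function vulnerable_lang_path($phpbb_root_path, $board_config, $phpEx)
{
    return $phpbb_root_path . 'language/lang_' . $board_config['default_lang']
         . '/lang_hacks_list.' . $phpEx;
}

// Hardened pattern:
//  1. never take the script extension from the request;
//  2. accept only a language name made of characters a phpBB language
//     directory can legitimately contain;
//  3. resolve the result and refuse anything outside the language tree.
function hardened_lang_path($phpbb_root_path, $board_config)
{
    $phpEx = 'php';
    $lang  = isset($board_config['default_lang']) ? $board_config['default_lang'] : 'english';
    if (!preg_match('/^[a-z][a-z0-9_]*$/', $lang)) {
        return false;
    }
    $lang_dir  = realpath($phpbb_root_path . 'language');
    $candidate = realpath($lang_dir . '/lang_' . $lang . '/lang_hacks_list.' . $phpEx);
    if ($lang_dir === false || $candidate === false
        || strpos($candidate, $lang_dir . DIRECTORY_SEPARATOR) !== 0) {
        return false;   // missing, or resolves outside language/
    }
    return $candidate;
}

if (!empty($setmodules)) {
    // The vulnerable module would do: include(vulnerable_lang_path(...));
    echo "vulnerable path: " . vulnerable_lang_path($phpbb_root_path, $board_config, $phpEx) . "\n";

    $safe = hardened_lang_path($phpbb_root_path, $board_config);
    if ($safe === false) {
        echo "hardened: request rejected\n";
    } else {
        echo "hardened: would include $safe\n";
        // include($safe);
    }
}
```

The whitelist and realpath check are the actual fix; turning register_globals off (register_globals = Off in php.ini, or php_flag register_globals off in .htaccess under mod_php) is defence in depth, since the module should never have relied on an uninitialised $phpEx in the first place. The directive no longer exists in PHP 5.4 and later, where it was removed outright.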

The vulnerability has been confirmed in version 1.20. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised. Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY: Mustafa Can Bjorn

ORIGINAL ADVISORY: http://www.nukedx.com/?viewdoc=37