# Title : GNUBoard 4.31.03 (08.12.29) Local File Inclusion Vulnerability
# Published : 2009-01-15
# Author : flyh4t
GNUBoard V4.31.03 (08.12.29) Local/Remote File Include Vulnerability
BY flyh4t#hotmail.com
Thx to qiuren/rayt
TEAM:Wolves Security Team
SITE:http://bbs.wolvez.org/
/*************************
SIR GNUBoard (version 4.31.03 (08.12.29)) is a widely used bulletin board system in Korea.
It is freely available for all platforms that support PHP and MySQL.
But we found a file include vulnerability that affects SIR GNUBoard.
Under special conditions, it may be used as a remote file include vulnerability.
This issue can be exploited to execute arbitrary PHP code on an affected computer with the privileges of the affected web server.
Here are the details:
**************************/
TESTED ON VERSION 4.31.03 (08.12.29)
/***************************
/common.php
@extract($_GET);
@extract($_POST);
@extract($_SERVER);
a
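
The excerpt above shows common.php calling extract() on the request superglobals. As an added example (not GNUBoard's code and not the advisory author's; `$config_dir`, `import_request()` and `safe_include_path()` are hypothetical names), this PHP shows why that call lets a request replace a variable the application has already set, next to a hardened form that imports only allow-listed parameters and resolves include targets from a fixed map.

```php
<?php
// Added example: $config_dir, import_request() and safe_include_path() are
// hypothetical names, not GNUBoard identifiers.

// 1) Same call shape as common.php. extract() defaults to EXTR_OVERWRITE, so a
//    request key replaces a variable the application already set.
function demo_overwrite(array $request): string {
    $config_dir = '/srv/app/lib';   // set by the application
    extract($request);              // stands in for extract($_GET)
    return $config_dir;             // returns the request's value if it sent one
}

// 2) Hardened: copy only expected string parameters into an array and never
//    into the variable scope.
function import_request(array $request, array $allowed): array {
    $clean = [];
    foreach ($allowed as $name) {
        if (isset($request[$name]) && is_string($request[$name])) {
            $clean[$name] = $request[$name];
        }
    }
    return $clean;
}

// 3) Hardened include: the request only selects a key in a fixed map; the
//    resolved path must stay inside $base_dir or null is returned.
function safe_include_path(string $key, string $base_dir, array $map): ?string {
    $real_base = realpath($base_dir);
    if ($real_base === false || !isset($map[$key])) {
        return null;
    }
    $path = realpath($real_base . DIRECTORY_SEPARATOR . $map[$key]);
    if ($path === false) {
        return null;
    }
    $prefix = $real_base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sample request.
$request = ['config_dir' => 'value-from-request', 'page' => 'list'];
$map = ['list' => basename(__FILE__)];   // fixed map of includable files
var_dump(demo_overwrite($request));
var_dump(import_request($request, ['page']));
var_dump(safe_include_path($request['page'], __DIR__, $map));
var_dump(safe_include_path('unknown', __DIR__, $map));
```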