CVE-2012-5692

Related Files

Invision IP.Board 3.3.4 unserialize() PHP Code Execution

Posted Nov 13, 2012

Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.

tags | exploit, web, arbitrary, php

advisories | CVE-2012-5692, OSVDB-86702

SHA-256 | 7e91adb9a9ee325db99241f1b63825bee21c97d9b41b272172e2f7674cc58e74

Download | Favorite | View

Invision Power Board 3.3.4 Code Execution

Posted Nov 1, 2012

Authored by EgiX

Invision Power Board versions 3.3.4 and below unserialize() PHP code execution exploit.

tags | exploit, php, code execution

advisories | CVE-2012-5692, OSVDB-86702

SHA-256 | 1330fc925eed3070b675329ffbec4961ebf0fa056a417f753e1981215eacb94e

Download | Favorite | View