OSVDB ID: 28531

Title: SimpleBoard for Mambo file_upload.php sbp Parameter Remote File Inclusion

Info

Disclosure

Jul 08, 2006

Discovery

Unknown

Dates

Exploit

Jul 08, 2006

Solution

Unknown

Description

SimpleBoard for Mambo contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'file_upload.php' not properly sanitizing user input supplied to the 'sbp' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Set the the register_globals PHP option to 'off'.

Products

MamboXChange	SimpleBoard	1.1
		1.0
		1.1.0

References

Bugtraq ID: 18917
Milw0rm: 1994
Exploit Database: 1994
CVE ID: 2006-3528 (see also: NVD)
Secunia Advisory ID: 20981
Related OSVDB ID: 27421
VUPEN Advisory: ADV-2006-2716
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0140.html
http://attrition.org/pipermail/vim/2006-July/000926.html
Vendor Specific News/Changelog Entry: http://forum.joomla.org/index.php/topic,75668.0.html
http://forum.joomla.org/index.php/topic,79477.0.html
Generic Informational URL: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-071414-2632-99
Vendor URL: http://www.tsmf.net/content/view/159/63/

Credit

h4ntu - teloganyonggmail.com -

Direct URL: http://osvdb.org/28531

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

MamboXChange

SimpleBoard

References

Credit