GNUBoard "g4_path" File Inclusion Vulnerability


Description   flyh4t has discovered a vulnerability in GNUBoard, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.
Input passed to the "g4_path" parameter in common.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources or to execute arbitrary PHP code via "data:" URIs.
Successful exploitation requires that "register_globals" is enabled. Successful execution of arbitrary PHP code requires that "allow_url_include" is enabled.
The vulnerability is confirmed in version 4.31.03. Prior versions may also be affected.
     
Vulnerable Products   Vulnerable Software:
GNUBoard 4.x
     
Solution   Update to version 4.31.04 or later.
     
CVE   CVE-2009-0290
     
References   GNUBoard:
http://www.sir.co.kr/bbs/board.php?bo_table=g4_pds&
wr_id=4215&
page=3
milw0rm:
http://milw0rm.com/exploits/7792
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XMLRPC: possible remote code injection
3.2.0
PHP : HTML code injection prevention - suspicious GLOBALS variable
3.2.0
PHP : Remote file inclusion prevention: suspicious GLOBALS variable
3.2.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2009-01-16 

 Target Type 
Server 

 Possible exploit 
Remote