Category:   Application (Forum/Board/Portal)  >   ExBB Vendors:
ExBB Include File Bug in 'exbb[home_path]' Parameter Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016773
SecurityTracker URL:
CVE Reference:   CVE-2006-4544   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Aug 31 2006
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.9.1
Description:   A vulnerability was reported in ExBB. A remote user can include and execute arbitrary code on the target system.

The software does not properly validate user-supplied input in the 'exbb[home_path]' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.
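The mechanism described above is the include pattern quoted from birst.php in the advisory below: a request-controlled prefix is concatenated into an include path. The following is an added example, not ExBB's code and not part of the original advisory: it places that vulnerable pattern beside a hardened version of the same two includes. It assumes, as the advisory's exbb[home_path] URL parameter implies, that the $exbb array is populated from request data (register_globals); the helper names safe_lang and safe_include_path are made up here.

```php
<?php
// Added example, not ExBB's code: the include pattern the advisory quotes
// from birst.php, beside a hardened version of the same two includes.
// Assumes $exbb is populated from request data (register_globals), which
// is what lets the exbb[home_path] URL parameter reach the include.

// --- Vulnerable pattern (behaviour of the original birst.php) ---
// An attacker-controlled prefix that is a remote URL makes PHP fetch and
// execute a remote script; a "../" sequence makes it read local files.
function vulnerable_conf_path(array $exbb): string
{
    return $exbb['home_path'] . 'modules/birstday/data/birstday_conf.php';
}

// --- Hardened pattern ---
// The application root is fixed from the script's own location and never
// taken from the request, so there is no prefix for a URL to override.
define('EXBB_HOME_PATH', __DIR__ . DIRECTORY_SEPARATOR);

// Language names are restricted to a small character class; this rejects
// "../", "http://", NUL bytes and anything else that is not a plain
// directory name, whatever register_globals may have placed in $exbb.
function safe_lang(string $lang): string
{
    return preg_match('/^[a-z_]{1,32}$/', $lang) ? $lang : 'english';
}

// Canonicalise the final path and require it to stay under the root.
// realpath() only resolves local filesystem paths and returns false for
// missing files, so a non-existent or escaped path never gets included.
function safe_include_path(string $relative): ?string
{
    $root = realpath(EXBB_HOME_PATH);
    $real = realpath(EXBB_HOME_PATH . $relative);
    if ($root === false || $real === false) {
        return null;
    }
    if (strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null; // escaped the application root (e.g. via "../")
    }
    return $real;
}

// Usage mirroring birst.php with both includes hardened.
$lang     = safe_lang($exbb['default_lang'] ?? 'english');
$confPath = safe_include_path('modules/birstday/data/birstday_conf.php');
$langPath = safe_include_path('modules/birstday/language/' . $lang . '/lang.php');

if ($confPath === null || $langPath === null) {
    http_response_code(400);
    exit('invalid module path');
}
$birstdayconf = array();
include $confPath;
include $langPath;
```

The code-level fix removes the request-controlled prefix entirely rather than trying to sanitize it, and validates the second user-influenced component ($exbb['default_lang'], which the same birst.php snippet also concatenates into a path) against a strict pattern. As defence in depth, turning off register_globals and disabling remote URL handling for include (allow_url_fopen, and allow_url_include where the PHP version has it) stops this class of remote inclusion even in code that has not been patched.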

The following files are affected:

Some demonstration exploit URLs are provided:

Ahmad Maulana a.k.a Matdhule reported this vulnerability.

The original advisory is available at:

Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File



[ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion


Author		: Ahmad Maulana a.k.a Matdhule

Date Found	: August, 30th 2006

Location	: Indonesia, Jakarta

web		:

Critical Lvl	: Highly critical

Impact		: System access

Where		: From Remote


Affected software description:


ExBB 1.9.1

Application	: ExBB

version		: 1.9.1

URL		:




In the folder birstday we found the vulnerable script birst.php




  <?php
  // birst.php (ExBB 1.9.1): $exbb['home_path'] and $exbb['default_lang']
  // reach this array from the request when register_globals is on (which
  // is how the exbb[home_path] URL parameter gets here) and are used
  // unvalidated as components of the include paths below.
  $birstdayconf = array();

  include ($exbb['home_path'].'modules/birstday/data/birstday_conf.php');

  include ($exbb['home_path'].'modules/birstday/language/'.$exbb['default_lang'].'/lang.php');



Input passed to the "exbb['home_path']" parameter in birst.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external


Also affected files:

Proof Of Concept:

- Sanitize variable $exbb['home_path'] on affected files.




~ solpot a.k.a chris, J4mbi  H4ck3r thx for the hacking lesson    :)   

~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous

~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama, BlueSpy, str0ke


~ Solpotcrew Community , #jambihackerlink #e-c-h-o
-------------------------------- [ EOF ]----------------------------------



Copyright 2017, LLC