Showing 1 - 2 of 2

OSVDB: OSVDB-86702

Invision IP.Board 3.3.4 unserialize() PHP Code Execution: Posted Nov 13, 2012; Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com; This Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.; tags | exploit, web, arbitrary, php; advisories | CVE-2012-5692, OSVDB-86702; SHA-256 | 7e91adb9a9ee325db99241f1b63825bee21c97d9b41b272172e2f7674cc58e74; Download | Favorite | View

Invision Power Board 3.3.4 Code Execution: Posted Nov 1, 2012; Authored by EgiX; Invision Power Board versions 3.3.4 and below unserialize() PHP code execution exploit.; tags | exploit, php, code execution; advisories | CVE-2012-5692, OSVDB-86702; SHA-256 | 1330fc925eed3070b675329ffbec4961ebf0fa056a417f753e1981215eacb94e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days