XBoard Local File Inclusion Vulnerability Network Vulnerability

Summary

The host is running xBoard and is prone to Local file inclusion vulnerability.

Impact

Successful exploitation will allow attackers to read arbitrary files on the target system. Impact Level: Application

Solution

Ugrade to xBoard 6.5 or later, For updates refer to http://sourceforge.net/projects/xboard

Insight

The flaw is due to an improper validation of user-supplied input to the 'post' parameter in 'view.php', which allows attackers to read arbitrary files via a ../(dot dot) sequences.

Affected

xBoard versions 5.0, 5.5, 6.0

Detection

Send the crafted HTTP GET request and check is it possible to read the system file.

References

http://cxsecurity.com/issue/WLB-2013120166
http://packetstormsecurity.com/files/124589/xboard-lfi.txt

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Struts2 showcase namespace XSS Vulnerability
Apache Tomcat TroubleShooter Servlet Installed
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Apache Tomcat DOS Device Name XSS
Apache Tiles Multiple XSS Vulnerability

xBoard Local File Inclusion Vulnerability

Take action and discover your vulnerabilities