Vulnerability & Exploit Database

Back to search

Invision IP.Board unserialize() PHP Code Execution

This module exploits a php unserialize() vulnerability in Invision IP.Board <= 3.3.4 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/unix/webapp/invision_pboard_unserialize_exec

Authors

  • EgiX
  • juan vazquez <juan.vazquez [at] metasploit.com>
  • sinn3r <sinn3r [at] metasploit.com>

References

Targets

  • Invision IP.Board 3.3.4

Platforms

  • php

Architectures

  • php

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/unix/webapp/invision_pboard_unserialize_exec msf exploit(invision_pboard_unserialize_exec) > show targets ...targets... msf exploit(invision_pboard_unserialize_exec) > set TARGET <target-id> msf exploit(invision_pboard_unserialize_exec) > show options ...show and set options... msf exploit(invision_pboard_unserialize_exec) > exploit