CVE-2009-0678

RavenNuke 2.30 - Exposure of Sensitive Information via Invalid aFonts Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0678. PoCs published by waraxe.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in RavenNuke 2.3.0, including remote PHP code execution via uninitialized arrays in 'avatarlist.php' and insecure 'eval()' usage in the 'Your Account' module, SQL injection in the 'Resend_Email' module, and local file detection in 'captcha.php'. It provides technical analysis, vulnerable code fragments, and proof-of-concept test cases.

Description

images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED

by waraxe · textwebappsphp

https://www.exploit-db.com/exploits/8068

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in RavenNuke 2.3.0, including remote PHP code execution via uninitialized arrays in 'avatarlist.php' and insecure 'eval()' usage in the 'Your Account' module, SQL injection in the 'Resend_Email' module, and local file detection in 'captcha.php'. It provides technical analysis, vulnerable code fragments, and proof-of-concept test cases.

Classification

Writeup 100%

Attack Type

Rce | Sqli | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: RavenNuke 2.3.0

Auth required

Prerequisites: Attacker must be logged in as a user for some exploits · Admin rights required for certain vulnerabilities

MITRE ATT&CK