GNUBoard V4.31.04 (09.01.30) Multiple Local/Remote Vulnerability bY /************************* SIR GNUBoard (VERSION 4.31.04 (09.01.30))is a widely used bulletin board system of Korea. It is freely available for all platforms that supports PHP and MySQL. But we find a file include vulnerability affects SIR GNUBoard. In special conditions,it may be used as a remote file include vulnerability . This issue to execute arbitrary PHP code on an affected computer with the privileges of the affected Web server. Here is the details: **************************/ TEST ON VERSION 4.31.04 (08.01.30) /*************************** Local File Inclusion Vulnerability /poll_result.php include_once("./_common.php"); $po = sql_fetch(" select * from $g4[poll_table] where po_id = '$po_id' "); if (!$po[po_id]) ¡Š¡Š echo ""; if (!$skin_dir) $skin_dir = "basic"; $poll_skin_path = "$g4[path]/skin/poll/$skin_dir"; include_once ("$poll_skin_path/"); //file include *************************/ poc: /*************************** SQL Injection Vulnerability /