



2006-06-15 DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities
Rated as : Moderate Risk

Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts
isn't properly verified before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]
securitydot.net - 2006-06-15
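
A log check for the request pattern above, as an added example that is not part of the original advisory: it flags access-log requests to the six listed scripts that supply "templatefolder" in the query string. The combined log format, the sample lines and the value labels are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script paths named in the advisory, under either template set.
SCRIPT_RE = re.compile(r"/templates/(?:deluxe|default)/(?:postreply|posting|pm/newpm)\.php$")
# Client and request target of a combined-format log line (format is an assumption).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Label a templatefolder value by the kind of include it points at."""
    v = value.lower()
    if "://" in v or v.startswith("//"):
        return "remote"
    if ".." in v or v.startswith("/") or "\x00" in v:
        return "local-path"
    return "other"


def scan(lines):
    """Return (client, path, label) for every request that sets
    templatefolder on one of the advisory's scripts."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not SCRIPT_RE.search(url.path):
            continue
        # parse_qs percent-decodes values, so an encoded scheme is still seen.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("templatefolder", []):
            hits.append((client, url.path, classify(value)))
    return hits


# Constructed sample log lines (not taken from the advisory).
SAMPLE = [
    '192.0.2.10 - - [15/Jun/2006:10:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Jun/2006:10:00:05 +0000] "GET /forum/templates/deluxe/posting.php?templatefolder=http%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 312',
    '198.51.100.7 - - [15/Jun/2006:10:00:09 +0000] "GET /forum/templates/default/pm/newpm.php?templatefolder=../../logs HTTP/1.1" 200 298',
    '192.0.2.10 - - [15/Jun/2006:10:00:12 +0000] "GET /forum/templates/deluxe/postreply.php HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit deserves review, since these template scripts are not expected to receive "templatefolder" from the client; the label only helps prioritise.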


Copyright 2007, SecurityDot