about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities




2006-06-15 DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities 
Rated as : Moderate Risk

Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various
scripts
isn't properly verified, before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]
securitydot.net - 2006-06-15

Advertising

Copyright 2007, SecurityDot
Sun, 06 Dec 2009 07:08:20 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
php-nuke s 90175.com PHP remote PHP Advanc news for C http://fre lighttpd 1 ver video sex pictur www.shengd Www.Ftv.Co 200 /compo CMS is Fre news for c search/exp Apache Tom Vidio sex PHP Advanc hotzi.cn Badblue dasibaba b darkboard. sixmovie.c mambo Remo components mambo Remo www.rtysw. sixmovie.c PHP Advanc mambo Remo Pono CMS is Fre guest book php-nuke 2 medical ap Game donwl php advanc mambo Remo Exim sptmp www.qianli sextv1.tv Www.Ftv.Co www.aljens PHP Advanc attr news for c tercer cie animal WWW.Pink w www.4544.c