2006-06-15 DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities
Rated as: Moderate Risk

Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts
isn't properly verified before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]
securitydot.net - 2006-06-15
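
For defenders reviewing web server logs, the following added example (not part of the advisory and not DeluxeBB code) flags requests to the template scripts listed above that carry a client-supplied "templatefolder" value. It assumes combined-format access logs; the sample log lines, addresses and the example.invalid host are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script paths listed in the advisory (template set is "deluxe" or "default").
SCRIPT_RE = re.compile(
    r"^/templates/(?:deluxe|default)/(?:postreply|posting|pm/newpm)\.php$")
# Request portion of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# URL scheme prefix such as http:, ftp:, php:, data:
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]+:", re.I)


def classify(value):
    """Label a client-supplied templatefolder value."""
    if SCHEME_RE.match(value) or value.startswith("//"):
        return "remote"    # points at an external resource
    if value.startswith(("/", "\\")) or ".." in value or "\x00" in value:
        return "local"     # absolute path, traversal or NUL byte
    return "supplied"      # clients have no reason to set this at all


def scan(lines):
    """Return (line_no, path, label, value) for each matching request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not SCRIPT_RE.match(url.path):
            continue
        # parse_qs percent-decodes the values; blank values are kept too.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("templatefolder", []):
            hits.append((no, url.path, classify(value), value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [15/Jun/2006:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Jun/2006:10:00:07 +0000] "GET /templates/deluxe/posting.php?templatefolder=http%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 312',
    '192.0.2.44 - - [15/Jun/2006:10:00:09 +0000] "GET /templates/default/pm/newpm.php?templatefolder=../../../etc HTTP/1.1" 200 40',
    '192.0.2.51 - - [15/Jun/2006:10:02:00 +0000] "GET /templates/deluxe/postreply.php?templatefolder=templates/deluxe HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit is worth reviewing, since these template scripts are normally included by the forum itself rather than requested directly with that parameter. This check only covers the query string; a value sent in a POST body does not appear in an access log.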


Copyright 2007, SecurityDot
Wed, 02 Dec 2009 23:03:59 +0000
